snipes

System Fix virus

I got hit with the System Fix virus and after trying everything I could think of I threw ComboFix at it (I know, risky, but I was desperate). ComboFix managed to restore my PC, but I ran Ad-Aware and it still found lots of objects. I can't run Real Player or Skype (every time I try I get a Fatal Error or Disk I/O error); I've tried reinstalling Real Player but that didn't work. Every time I open up Internet Explorer a message pops up telling me a program tried to change my default search engine. I don't know what to do to regain control and get some of my programs back up and running again... Help...

Please, to get help with cleaning your computer, try to follow the instructions in the topic [url=http://www.lavasoftsupport.com/index.php?showtopic=30823]Read This Before You Post![/url]. Please also post the existing log from ComboFix, which you will find at C:\Combofix.txt.

PS. To get an email when I reply, please click the "Follow this topic" button, which is located rather close to the upper right corner.

Sorry, here is the Ad-Aware log:

Logfile created: 12/11/2011 01:33:06
Ad-Aware version: 9.6.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: User
*********************** Definitions database information ***********************
Lavasoft definition file: 150.646
Genotype definition file version: 2011/09/21 13:56:01
Extended engine definition file: 11233.0
******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 437230
Objects detected: 42

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 3
Folders.........: 0
LSPs............: 0
Cookies.........: 39
Browser hijacks.: 0
MRU objects.....: 0

Removed items:
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: *adbureau* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409027 Family ID: 0
Description: *insightexpressai* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409259 Family ID: 0
Description: *pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408826 Family ID: 0
Description: *gator* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408861 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *ads.pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408927 Family ID: 0
Description: *mrskin* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409189 Family ID: 0
Description: *pro-market* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408823 Family ID: 0
Description: *247realmedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408945 Family ID: 0
Description: *realmedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409139 Family ID: 0
Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0
Description: *adbrite* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409218 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *.bridgetrack* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409095 Family ID: 0
Description: *clickz* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408888 Family ID: 0
Description: *kontera* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409363 Family ID: 0
Description: *partypoker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409141 Family ID: 0
Description: *questionmarket* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408819 Family ID: 0
Description: *rambler* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408818 Family ID: 0
Description: *rotator.adjuggler* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409135 Family ID: 0
Description: *specificclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408807 Family ID: 0
Description: *tacoda* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409123 Family ID: 0
Description: *tribalfusion* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408785 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *adbureau* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409027 Family ID: 0
Description: *partypoker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409141 Family ID: 0
Description: *kontera* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409363 Family ID: 0
Description: *webpower* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409354 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Quarantined items:
Description: c:\documents and settings\user\application data\sun\java\deployment\cache\javapi\v1.0\jar\field.jar-4b7a49e1-3494cc85.zip::json/parser.class Family Name: Trojan.Java.Blacole.a (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5:
Description: e:\documents and settings\paul\local settings\temporary internet files\content.ie5\jrvpjnec\animated_favicon1[1].htm Family Name: Trojan-Downloader.JS.Gumblar.w (v) Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: 9f2ff1ebba941a78fe09f5fe4c230afa
Description: e:\system volume information\_restore{9c35f2cb-3c94-4996-b38e-d25671c88286}\rp258\a0083238.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 3 Family ID: 0 MD5: 334ee328da36cc99e4e6fac69dc62a8f
Scan and cleaning complete: Finished correctly after 24224 seconds
*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Full Scan
ID: folderstoscan, enabled:1, value: C:\,E:\,F:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Sun Dec 11 01:30:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Sun Dec 11 07:30:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Sun Dec 11 13:30:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Sun Dec 11 19:30:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Sun Dec 11 01:30:00 2011
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: true
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true

****************************** System information ******************************
Computer name: XPHOMEPC
Processor name: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Processor identifier: x86 Family 6 Model 23 Stepping 10
Processor speed: ~2500MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 5898, number of processors 2, processor features: [MMX,SSE,SSE2]
Physical memory available: 2123194368 bytes
Physical memory total: 3216564224 bytes
Virtual memory available: 1899130880 bytes
Virtual memory total: 2147352576 bytes
Memory load: 33%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:
Running processes:
PID: 600 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 672 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 704 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 748 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 760 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 932 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 952 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1016 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1120 name: C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1156 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1276 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1364 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1496 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1620 name: C:\WINDOWS\system32\brsvc01a.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1636 name: C:\WINDOWS\system32\brss01a.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1644 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1108 name: C:\WINDOWS\Explorer.EXE owner: User domain: XPHOMEPC
PID: 804 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1716 name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1780 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1820 name: C:\WINDOWS\system32\Brmfrmps.exe owner: SYSTEM domain: NT AUTHORITY
PID: 388 name: c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1388 name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1732 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 144 name: C:\Program Files\Analog Devices\Core\smax4pnp.exe owner: User domain: XPHOMEPC
PID: 164 name: C:\Program Files\Microsoft Security Client\msseces.exe owner: User domain: XPHOMEPC
PID: 660 name: C:\Program Files\iTunes\iTunesHelper.exe owner: User domain: XPHOMEPC
PID: 364 name: C:\Program Files\Real\RealPlayer\update\realsched.exe owner: User domain: XPHOMEPC
PID: 968 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: User domain: XPHOMEPC
PID: 1832 name: C:\Program Files\Canon\CAL\CALMAIN.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2060 name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe owner: User domain: XPHOMEPC
PID: 2284 name: C:\WINDOWS\system32\ctfmon.exe owner: User domain: XPHOMEPC
PID: 2692 name: C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe owner: User domain: XPHOMEPC
PID: 3368 name: C:\WINDOWS\system32\rundll32.exe owner: User domain: XPHOMEPC
PID: 3412 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3756 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1720 name: C:\Program Files\Windows Live\Contacts\wlcomm.exe owner: User domain: XPHOMEPC
PID: 128 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: User domain: XPHOMEPC
PID: 664 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: User domain: XPHOMEPC
PID: 580 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: User domain: XPHOMEPC
PID: 3008 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: User domain: XPHOMEPC
PID: 2688 name: C:\WINDOWS\system32\msiexec.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4064 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2196 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 640 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: User domain: XPHOMEPC
PID: 3348 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3768 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2672 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: User domain: XPHOMEPC
PID: 1392 name: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe owner: SYSTEM domain: NT AUTHORITY
Startup items:
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: DWQueuedReporting
imagepath: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: SigmatelSysTrayApp
imagepath: sttray.exe
Name: NeroFilterCheck
imagepath: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Name: RTHDCPL
imagepath: RTHDCPL.EXE
Name: IgfxTray
imagepath: C:\WINDOWS\system32\igfxtray.exe
Name: HotKeysCmds
imagepath: C:\WINDOWS\system32\hkcmd.exe
Name: Persistence
imagepath: C:\WINDOWS\system32\igfxpers.exe
Name: SoundMAXPnP
imagepath: C:\Program Files\Analog Devices\Core\smax4pnp.exe
Name: SetDefPrt
imagepath: C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Name: Adobe ARM
imagepath: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Name: CanonMyPrinter
imagepath: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
Name: CanonSolutionMenu
imagepath: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
Name: MSC
imagepath: "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Name: AppleSyncNotifier
imagepath: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
Name: APSDaemon
imagepath: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name: TkBellExe
imagepath: "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
imagepath: C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
imagepath: C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
imagepath: C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
Name:
imagepath: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini
Bootexecute items:
Name:
imagepath: autocheck autochk *
Running services:
Name: Alerter
displayname: Alerter
Name: ALG
displayname: Application Layer Gateway Service
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: Ati HotKey Poller
displayname: Ati HotKey Poller
Name: AudioSrv
displayname: Windows Audio
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Bonjour Service
displayname: Bonjour Service
Name: brmfrmps
displayname: Brother Popup Suspend service for Resource manager
Name: Brother XP spl Service
displayname: BrSplService
Name: CCALib8
displayname: Canon Camera Access Library 8
Name: CryptSvc
displayname: CryptSvc
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: gusvc
displayname: Google Software Updater
Name: helpsvc
displayname: Help and Support
Name: HidServ
displayname: HID Input Service
Name: iPod Service
displayname: iPod Service
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: McAfee SiteAdvisor Service
displayname: McAfee SiteAdvisor Service
Name: MSIServer
displayname: Windows Installer
Name: MsMpSvc
displayname: Microsoft Antimalware Service
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RichVideo
displayname: Cyberlink RichVideo Service(CRVS)
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: WZCSVC
displayname: Wireless Zero Configuration
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service

The OTL Log:


OTL logfile created on: 12/13/2011 3:53:54 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.16% Memory free
4.25 Gb Paging File | 3.65 Gb Available in Paging File | 85.94% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 25.16 Gb Free Space | 5.40% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 32.93 Gb Free Space | 14.14% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 579.18 Gb Free Space | 62.18% Space Free | Partition Type: NTFS

Computer Name: XPHOMEPC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (AppMgmt) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
SRV - (brmfrmps) -- C:\WINDOWS\System32\Brmfrmps.exe (Brother Industries, Ltd.)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (MpKsl02585e95) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1894C3C0-CB99-4CBF-857A-D5FA9B8250C6}\MpKsl02585e95.sys (Microsoft Corporation)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (e1kexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1k5132.sys (Intel Corporation)
DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (PD0620VID) -- C:\WINDOWS\system32\drivers\P0620Vid.sys (Creative Technology Ltd.)
DRV - (SMBios) Intel (R) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.com/"]http://www.google.com/[/url]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..keyword.URL: "[url="http://search.yahoo.com/search?fr=mcafee&p"]http://search.yahoo.com/search?fr=mcafee&p[/url]="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/23 14:49:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 15:01:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/10 15:01:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/10 15:01:35 | 000,000,000 | ---D | M]

[2009/10/24 05:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/11/19 16:47:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\extensions
[2010/01/07 15:35:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/19 16:47:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/08 21:19:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/10 15:01:19 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/11/23 14:49:39 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/11/25 23:36:09 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

O1 HOSTS File: ([2011/11/28 06:26:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} http://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB (CTAdjust Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7D8B73F-953C-4EA5-88F0-F60B146891A1}: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/01 12:45:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/12/18 12:26:53 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/11 12:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Skypehist
[2011/12/11 01:32:10 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/11 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/12/11 01:30:15 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/12/11 01:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/12/11 01:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/12/11 01:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/12/11 01:27:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/12/10 15:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/12/10 15:01:10 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/12/10 15:01:03 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/12/10 15:01:03 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/12/10 15:01:02 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/12/10 15:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/12/10 14:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Real
[2011/12/10 14:41:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/11/29 01:06:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/28 06:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\New Folder
[2011/11/28 06:28:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/28 06:18:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/28 06:16:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/28 06:16:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/28 06:16:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/28 06:16:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/28 06:16:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/28 06:15:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/28 06:15:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2011/11/28 06:14:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/13 15:53:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/12/13 15:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/13 14:50:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/12 00:33:18 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/11 21:40:26 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/12/11 21:04:07 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/11 12:46:25 | 000,142,336 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/11 08:17:02 | 000,000,672 | -H-- | M] () -- C:\aaw7boot.cmd
[2011/12/11 02:08:04 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/11 01:51:47 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/11 01:32:10 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/11 01:32:09 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/12/11 01:30:18 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/12/11 01:27:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/12/11 01:21:09 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job
[2011/12/11 01:20:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/11 01:20:58 | 000,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/12/10 15:01:31 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/12/10 15:01:10 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/12/10 15:01:03 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/12/10 15:01:03 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/12/10 15:01:02 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/12/10 14:41:39 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job
[2011/12/10 14:40:35 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/10 14:34:43 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/08 21:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/02 21:57:02 | 000,016,958 | ---- | M] () -- C:\Documents and Settings\User\Desktop\303065_980052305768_60715446_40881510_669875230_n.jpg
[2011/12/02 07:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/28 06:26:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/28 06:18:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/28 06:08:22 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM
[2011/11/28 06:08:22 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkMr
[2011/11/28 06:04:30 | 000,000,408 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\qUSTcS5IHSLWkM
[2011/11/21 05:45:29 | 000,001,104 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk
[2011/11/21 05:43:38 | 000,000,007 | ---- | M] () -- C:\WINDOWS\treeskp.sys
[2011/11/21 05:43:38 | 000,000,007 | ---- | M] () -- C:\WINDOWS\sbacknt.bin
[2011/11/14 14:53:33 | 000,199,680 | R--- | M] () -- C:\Documents and Settings\User\Desktop\Backup of paul667UpgradeResume.wbk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/11 08:17:02 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/12/11 08:17:02 | 000,000,672 | -H-- | C] () -- C:\aaw7boot.cmd
[2011/12/11 01:30:24 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/11 01:30:18 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/12/10 15:01:31 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/12/10 14:40:35 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/02 21:57:08 | 000,016,958 | ---- | C] () -- C:\Documents and Settings\User\Desktop\303065_980052305768_60715446_40881510_669875230_n.jpg
[2011/11/28 06:23:44 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2011/11/28 06:23:44 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2011/11/28 06:23:44 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/11/28 06:23:32 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/11/28 06:23:31 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/28 06:23:31 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/11/28 06:23:31 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/11/28 06:23:31 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/11/28 06:23:31 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/28 06:23:31 | 000,001,004 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2006.lnk
[2011/11/28 06:23:30 | 000,002,379 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2011/11/28 06:23:30 | 000,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2011/11/28 06:23:30 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/28 06:23:30 | 000,002,030 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZIP RAR ACE Password Recovery.lnk
[2011/11/28 06:23:30 | 000,001,620 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/28 06:23:30 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/11/28 06:23:30 | 000,001,083 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Command & Conquer 3 Kane's Wrath.lnk
[2011/11/28 06:23:30 | 000,000,981 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/28 06:23:30 | 000,000,975 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Command & Conquer 3 Tiberium Wars.lnk
[2011/11/28 06:23:30 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2011/11/28 06:23:30 | 000,000,815 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/28 06:23:30 | 000,000,800 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/28 06:23:30 | 000,000,079 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/28 06:23:29 | 000,002,010 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative WebCam Center.lnk
[2011/11/28 06:23:29 | 000,001,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative Product Registration.lnk
[2011/11/28 06:23:29 | 000,001,967 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP560 series On-screen Manual.lnk
[2011/11/28 06:23:29 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/11/28 06:23:29 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Medal of Honor Pacific Assault(tm).lnk
[2011/11/28 06:23:29 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Command & Conquer™ Red Alert™ 3.lnk
[2011/11/28 06:23:29 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.0.lnk
[2011/11/28 06:23:29 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2011/11/28 06:23:29 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/28 06:23:29 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Works.lnk
[2011/11/28 06:23:29 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP560 series User Registration.LNK
[2011/11/28 06:23:29 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2011/11/28 06:23:29 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk
[2011/11/28 06:23:29 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/11/28 06:23:29 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/28 06:23:29 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Medal of Honor Allied Assault.lnk
[2011/11/28 06:23:29 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/28 06:23:29 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GetRight.lnk
[2011/11/28 06:23:29 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2011/11/28 06:23:29 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2011/11/28 06:23:29 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Download Manager.lnk
[2011/11/28 06:18:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/28 06:18:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/28 06:16:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/28 06:16:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/28 06:16:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/28 06:16:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/28 06:16:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/28 06:08:22 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkMr
[2011/11/28 06:08:21 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM
[2011/11/28 06:04:09 | 000,000,408 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\qUSTcS5IHSLWkM
[2011/08/01 15:47:27 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/08/01 15:47:27 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2010/09/15 03:44:49 | 000,000,007 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2010/09/15 03:44:49 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2010/02/09 04:19:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\UniFISH.exe
[2009/12/18 04:47:54 | 000,000,898 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2009/11/18 18:04:18 | 000,000,078 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/10/29 04:27:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/10/27 04:40:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/10/27 04:40:28 | 000,000,419 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009/10/27 04:40:28 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/10/27 04:40:28 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/10/27 04:40:28 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/10/27 04:40:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/10/27 04:40:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/10/24 05:29:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/23 17:18:36 | 000,071,760 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/20 01:44:58 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/20 01:44:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/20 01:42:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/20 01:03:42 | 000,142,336 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/19 18:57:27 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\User\Application Data\wklnhst.dat
[2009/10/19 14:41:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/10/19 14:41:16 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/10/19 14:41:15 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/10/08 23:57:57 | 000,417,344 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/10/08 23:57:56 | 000,982,192 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/10/08 23:54:54 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/04/03 14:09:26 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2009/02/18 12:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/02/03 15:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2006/02/01 15:04:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/01 14:29:45 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/01 14:28:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/01 14:15:41 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2006/02/01 13:25:05 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/02/01 13:22:44 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006/02/01 13:22:39 | 000,188,348 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/02/01 12:48:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/02/01 12:42:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/01 04:32:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/02/01 04:29:29 | 000,332,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,444,794 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,072,544 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/01/04 17:22:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/08/01 15:47:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/03/16 21:49:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/08/07 14:13:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/19 16:21:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/03/16 21:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon
[2011/01/04 17:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon Easy-WebPrint EX
[2009/11/25 18:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Command & Conquer 3 Kane's Wrath
[2009/11/04 20:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Command & Conquer 3 Tiberium Wars
[2011/01/28 04:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRight
[2010/04/17 03:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3
[2010/04/04 13:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3 Demo
[2009/11/05 00:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Template
[2009/12/19 07:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ZIP RAR ACE Password Recovery
[2011/12/12 00:33:18 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/12/11 02:08:04 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2011/01/25 09:20:52 | 000,021,504 | ---- | M] ()(C:\Documents and Settings\User\My Documents\???? ??????.doc) -- C:\Documents and Settings\User\My Documents\День ангела.doc
[2011/01/19 14:57:07 | 000,025,600 | ---- | M] ()(C:\Documents and Settings\User\My Documents\??.doc) -- C:\Documents and Settings\User\My Documents\мы.doc
[2011/01/15 18:12:54 | 000,021,504 | ---- | C] ()(C:\Documents and Settings\User\My Documents\???? ??????.doc) -- C:\Documents and Settings\User\My Documents\День ангела.doc
[2010/12/28 23:23:49 | 000,025,600 | ---- | C] ()(C:\Documents and Settings\User\My Documents\??.doc) -- C:\Documents and Settings\User\My Documents\мы.doc
[2010/07/12 12:22:55 | 000,022,528 | ---- | M] ()(C:\Documents and Settings\User\My Documents\??????????? ????.doc) -- C:\Documents and Settings\User\My Documents\могократная виза.doc
[2010/07/09 19:41:26 | 000,022,528 | ---- | C] ()(C:\Documents and Settings\User\My Documents\??????????? ????.doc) -- C:\Documents and Settings\User\My Documents\могократная виза.doc
< End of report >

The Extras.txt log:

OTL Extras logfile created on: 12/13/2011 3:53:54 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.16% Memory free
4.25 Gb Paging File | 3.65 Gb Available in Paging File | 85.94% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 25.16 Gb Free Space | 5.40% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 32.93 Gb Free Space | 14.14% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 579.18 Gb Free Space | 62.18% Space Free | Partition Type: NTFS

Computer Name: XPHOMEPC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe" = C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm) -- (Electronic Arts Inc.)
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe" = C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault -- (Electronic Arts Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}" = Brother MFL-Pro Suite
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
"{6A604678-4B8E-4E76-B50E-EC25E42B09E5}" = ZIP RAR ACE Password Recovery
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77C84C38-E592-4A33-AB99-FA524120452F}" = Ad-Aware
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{998F2DE0-3128-43B7-9A1C-D85A339659A9}" = oRipa MSN Webcam Recorder2.0.1
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EF3E420F-2DCF-4C24-8E37-896801901033}" = Nero 7 Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced RAR Password Recovery" = Advanced RAR Password Recovery (remove only)
"ATI Display Driver" = ATI Display Driver
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSA1100IS" = Canon PowerShot A1100 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Creative PD0620" = Creative WebCam Instant Driver (1.01.02.0729)
"Creative WebCam Center" = Creative WebCam Center
"Creative WebCam Instant User's Guide English" = Creative WebCam Instant User's Guide (English)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Download Manager" = Download Manager 2.3.10
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe
"Get Yahoo! Messenger" = Get Yahoo! Messenger
"GetRight_is1" = GetRight
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Money2006b" = Microsoft Money 2006
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureItPrem_v11" = Microsoft Digital Image Standard 2006
"PROSet" = Intel(R) Network Connections Drivers
"RAR Password Cracker" = RAR Password Cracker 4.12
"RealPlayer 15.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"Steam App 10" = Counter-Strike
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"VirtuaGirl_is1" = VirtuaGirl version 1.0.6.99

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 12/7/2011 12:54:54 AM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 9.4.6.252, faulting module
msvcr80.dll, version 8.0.50727.6195, fault address 0x000046b4.

Error - 12/9/2011 12:24:10 AM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x03a953d2.

Error - 12/9/2011 12:24:50 AM | Computer Name = XPHOMEPC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/9/2011 8:15:03 PM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
unknown, version 0.0.0.0, fault address 0x6034a064.

Error - 12/11/2011 3:57:04 AM | Computer Name = XPHOMEPC | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 12/11/2011 1:44:12 PM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module divxdech264.ax, version 8.2.0.26, fault address 0x00036163.

Error - 12/11/2011 1:46:29 PM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module divxdech264.ax, version 8.2.0.26, fault address 0x00036163.

Error - 12/11/2011 1:46:56 PM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module divxdech264.ax, version 8.2.0.26, fault address 0x00036163.

Error - 12/11/2011 7:47:37 PM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 9.4.6.252, faulting module
msvcr80.dll, version 8.0.50727.6195, fault address 0x000046b4.

Error - 12/11/2011 8:03:57 PM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module divxdech264.ax, version 8.2.0.26, fault address 0x00036163.

[ System Events ]
Error - 12/11/2011 1:19:46 PM | Computer Name = XPHOMEPC | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register
with DCOM within the required timeout.

Error - 12/11/2011 1:44:42 PM | Computer Name = XPHOMEPC | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register
with DCOM within the required timeout.

Error - 12/11/2011 8:02:26 PM | Computer Name = XPHOMEPC | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register
with DCOM within the required timeout.

Error - 12/11/2011 9:41:35 PM | Computer Name = XPHOMEPC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/11/2011 9:41:43 PM | Computer Name = XPHOMEPC | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 12/11/2011 9:47:14 PM | Computer Name = XPHOMEPC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/11/2011 10:02:57 PM | Computer Name = XPHOMEPC | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register
with DCOM within the required timeout.

Error - 12/11/2011 10:09:00 PM | Computer Name = XPHOMEPC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 3 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/12/2011 9:16:40 AM | Computer Name = XPHOMEPC | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register
with DCOM within the required timeout.

Error - 12/13/2011 2:31:32 AM | Computer Name = XPHOMEPC | Source = Microsoft Antimalware | ID = 1014
Description = %%860 has encountered an error trying to remove history of malware
and other potentially unwanted software. Time: 11/13/2011 1:31:32 AM User: NT
AUTHORITY\SYSTEM Error Code: 0x80070005 Error description: Access is denied.


< End of report >

The Combofix log:

ComboFix 11-11-28.02 - User 11/28/2011 6:21.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3068.2327 [GMT -5:00]
Running from: c:\paul\Stuff\From Sites\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\fMwpcjPgnBH.exe
c:\documents and settings\All Users\Application Data\qUSTcS5IHSLWkM.exe
c:\documents and settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\documents and settings\User\Desktop\System Fix.lnk
c:\documents and settings\User\Start Menu\Programs\System Fix
c:\documents and settings\User\Start Menu\Programs\System Fix\System Fix.lnk
c:\documents and settings\User\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\program files\Shared
c:\program files\Shared\lib.sig
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-28 11:04 . 2011-11-28 11:04 28752 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\MpKsl71ec75e4.sys
2011-11-28 11:01 . 2011-11-28 11:01 28752 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\MpKslcb048975.sys
2011-11-28 10:50 . 2011-11-28 10:50 28752 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\MpKsl11b2d597.sys
2011-11-28 10:49 . 2011-11-28 11:03 56200 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\offreg.dll
2011-11-28 10:49 . 2011-10-07 03:48 6668624 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2006-02-01 17:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2010-10-17 09:56 6668624 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2004-10-01 20:00 . 2006-02-01 19:15 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-08 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" [2007-01-18 303104]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-16 16384512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-14 1040384]
"SetDefPrt"="c:\program files\Brother\Brmfl04b\BrStDvPt.exe" [2010-08-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-21 274608]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-10-27 815104]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-01-16 01:10 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-01-16 01:10 16384512 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 18:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"igndlm.exe"=c:\program files\Download Manager\DLM.exe /windowsstart /startifwork
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"ControlCenter2.0"=c:\program files\Brother\ControlCenter2\brctrcen.exe /autorun
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 MpKsl11b2d597;MpKsl11b2d597;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\MpKsl11b2d597.sys [11/28/2011 5:50 AM 28752]
R1 MpKsl71ec75e4;MpKsl71ec75e4;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\MpKsl71ec75e4.sys [11/28/2011 6:04 AM 28752]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [10/20/2009 2:31 AM 149600]
S1 MpKslcb048975;MpKslcb048975;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\MpKslcb048975.sys [11/28/2011 6:01 AM 28752]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/27/2011 4:31 PM 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/15/2010 10:23 PM 94880]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/27/2011 4:31 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 7:00 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL71EC75E4
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-11-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-13 04:52]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 21:31]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 21:31]
.
2011-11-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2011-11-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-11-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
TCP: DhcpNameServer = 64.71.255.198
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-fMwpcjPgnBH.exe - c:\documents and settings\All Users\Application Data\fMwpcjPgnBH.exe
MSConfigStartUp-Microsoft Location Finder - c:\program files\Microsoft Location Finder\LocationFinder.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
AddRemove-vghd - c:\documents and settings\User\Start Menu\Programs\VirtuaGirl\uninstall.lnk
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-28 06:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\User\LOCALS~1\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3848946577-2371322978-3439528459-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:69,49,e2,b9,30,c2,df,fa,bb,0d,6f,eb,43,56,fd,70,fa,d1,16,ac,cb,1c,a3,
b0,f4,56,0c,93,c2,57,17,ef,3e,9f,cc,ab,5f,b8,27,57,b5,66,ee,f6,71,57,2b,fa,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-3848946577-2371322978-3439528459-1004\Software\SecuROM\License information*]
"datasecu"=hex:ef,0b,23,59,e1,bc,4f,af,8f,16,99,14,b0,5d,93,23,08,2a,fa,1c,29,
13,af,20,b7,e3,b2,a6,35,57,84,d3,f4,6f,5b,32,c1,dd,cc,5d,a8,25,6c,03,05,7b,\
"rkeysecu"=hex:8a,08,2b,5b,b4,d9,0a,0c,f7,53,19,a6,13,7f,4f,13
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
.
Completion time: 2011-11-28 06:28:46
ComboFix-quarantined-files.txt 2011-11-28 11:28
.
Pre-Run: 22,214,918,144 bytes free
Post-Run: 30,022,045,696 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 6CED48A75995DE7B9DFE7DB14DB9FC21

1.
Uninstall "J2SE Runtime Environment 5.0 Update 6" since it is a very old version of Java with many vulnerabilities, which makes it easy to infect the computer from a web page.

2.
Have you noticed that files or folders have disappeared, for example from desktop or start menu? It is rather common with "System Fix" infection.

3.
The infection has changed some proxy settings. Please, check that they are correct:

Control panel - Internet Options - Connections - LAN settings
Click on Advanced
Remove content in such a way that all fields belonging to the header "Servers" are empty.
Click OK
If there is anything in the field Address, remove it.
Uncheck "Use a proxy server..."

Firefox - Tools - Properties - Advanced - Network - Settings
Select "No proxy".

4.
Save TDSSKiller on the Desktop:
[url=http://support.kaspersky.com/downloads/utils/tdsskiller.zip]http://support.kaspersky.com/downloads/utils/tdsskiller.zip[/url]

Right-click and select [b]Extract all[/b]. Remember the location of the extracted file.
Turn off all programs.
Run the program TDSSKiller.exe which is the file you extracted.

Click on [b]Start Scan[/b].

If any threats are found select [b]Cure[/b] and click [b]Continue[/b]. If [b]Cure[/b] isn't available select [b]Skip[/b]. Do NOT select Quarantine or Delete.
The computer might need a restart.

Paste the content of the TDSSKiller log which is located in the folder C:\ with the name TDSSKiller followed by version and time.

1. I uninstalled J2SE.

2. I had to manually unhide folders and restore my start menu and desktop icons.

3. I didn't have an "Advanced" option under LAN settings, but I did uncheck the box for "Use a proxy server..."

4. Here is the TDSSKiller log:

22:22:19.0972 8424 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
22:22:20.0206 8424 ============================================================
22:22:20.0206 8424 Current date / time: 2011/12/13 22:22:20.0206
22:22:20.0206 8424 SystemInfo:
22:22:20.0206 8424
22:22:20.0206 8424 OS Version: 5.1.2600 ServicePack: 3.0
22:22:20.0206 8424 Product type: Workstation
22:22:20.0206 8424 ComputerName: XPHOMEPC
22:22:20.0206 8424 UserName: User
22:22:20.0206 8424 Windows directory: C:\WINDOWS
22:22:20.0206 8424 System windows directory: C:\WINDOWS
22:22:20.0206 8424 Processor architecture: Intel x86
22:22:20.0206 8424 Number of processors: 2
22:22:20.0206 8424 Page size: 0x1000
22:22:20.0206 8424 Boot type: Normal boot
22:22:20.0206 8424 ============================================================
22:22:22.0347 8424 Initialize success
22:22:48.0644 4172 ============================================================
22:22:48.0644 4172 Scan started
22:22:48.0644 4172 Mode: Manual;
22:22:48.0644 4172 ============================================================
22:22:49.0769 4172 Abiosdsk - ok
22:22:49.0784 4172 abp480n5 - ok
22:22:49.0847 4172 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:22:49.0847 4172 ACPI - ok
22:22:49.0863 4172 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:22:49.0863 4172 ACPIEC - ok
22:22:49.0909 4172 ADIHdAudAddService (ca8e9f1e8c74b99f90a7f6c7df3c2572) C:\WINDOWS\system32\drivers\ADIHdAud.sys
22:22:49.0909 4172 ADIHdAudAddService - ok
22:22:49.0925 4172 adpu160m - ok
22:22:49.0972 4172 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
22:22:49.0972 4172 AEAudio - ok
22:22:49.0988 4172 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:22:49.0988 4172 aec - ok
22:22:50.0019 4172 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:22:50.0019 4172 AFD - ok
22:22:50.0019 4172 Aha154x - ok
22:22:50.0034 4172 aic78u2 - ok
22:22:50.0034 4172 aic78xx - ok
22:22:50.0050 4172 AliIde - ok
22:22:50.0050 4172 amsint - ok
22:22:50.0113 4172 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:22:50.0113 4172 Arp1394 - ok
22:22:50.0128 4172 asc - ok
22:22:50.0128 4172 asc3350p - ok
22:22:50.0128 4172 asc3550 - ok
22:22:50.0175 4172 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:22:50.0175 4172 AsyncMac - ok
22:22:50.0191 4172 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:22:50.0191 4172 atapi - ok
22:22:50.0191 4172 Atdisk - ok
22:22:50.0284 4172 ati2mtag (8e54c76db5d88bf8b4e82b37e1322671) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:22:50.0347 4172 ati2mtag - ok
22:22:50.0347 4172 AtiHdmiService (1e82f05cff41316bcaa513909d99a004) C:\WINDOWS\system32\drivers\AtiHdmi.sys
22:22:50.0363 4172 AtiHdmiService - ok
22:22:50.0378 4172 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:22:50.0378 4172 Atmarpc - ok
22:22:50.0425 4172 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:22:50.0425 4172 audstub - ok
22:22:50.0456 4172 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:22:50.0456 4172 Beep - ok
22:22:50.0503 4172 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
22:22:50.0503 4172 BrScnUsb - ok
22:22:50.0519 4172 BrSerIf (26051d886f3333cb41857d6f52248de1) C:\WINDOWS\system32\Drivers\BrSerIf.sys
22:22:50.0519 4172 BrSerIf - ok
22:22:50.0519 4172 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
22:22:50.0519 4172 BrUsbSer - ok
22:22:50.0644 4172 catchme - ok
22:22:50.0675 4172 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:22:50.0675 4172 cbidf2k - ok
22:22:50.0722 4172 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:22:50.0722 4172 CCDECODE - ok
22:22:50.0738 4172 cd20xrnt - ok
22:22:50.0769 4172 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:22:50.0769 4172 Cdaudio - ok
22:22:50.0784 4172 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:22:50.0784 4172 Cdfs - ok
22:22:50.0800 4172 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:22:50.0800 4172 Cdrom - ok
22:22:50.0800 4172 Changer - ok
22:22:50.0816 4172 CmdIde - ok
22:22:50.0831 4172 Cpqarray - ok
22:22:50.0831 4172 dac2w2k - ok
22:22:50.0847 4172 dac960nt - ok
22:22:50.0863 4172 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:22:50.0863 4172 Disk - ok
22:22:50.0894 4172 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:22:50.0909 4172 dmboot - ok
22:22:50.0925 4172 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:22:50.0925 4172 dmio - ok
22:22:50.0956 4172 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:22:50.0956 4172 dmload - ok
22:22:50.0988 4172 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:22:50.0988 4172 DMusic - ok
22:22:50.0988 4172 dpti2o - ok
22:22:51.0003 4172 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:22:51.0003 4172 drmkaud - ok
22:22:51.0034 4172 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:22:51.0034 4172 E100B - ok
22:22:51.0081 4172 e1kexpress (90700eb149c8ee9fd8f61821e7d4b8fe) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
22:22:51.0081 4172 e1kexpress - ok
22:22:51.0097 4172 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:22:51.0097 4172 Fastfat - ok
22:22:51.0128 4172 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:22:51.0128 4172 Fdc - ok
22:22:51.0144 4172 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:22:51.0144 4172 Fips - ok
22:22:51.0159 4172 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:22:51.0159 4172 Flpydisk - ok
22:22:51.0175 4172 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:22:51.0191 4172 FltMgr - ok
22:22:51.0191 4172 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:22:51.0191 4172 Fs_Rec - ok
22:22:51.0206 4172 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:22:51.0206 4172 Ftdisk - ok
22:22:51.0222 4172 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:22:51.0222 4172 GEARAspiWDM - ok
22:22:51.0222 4172 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:22:51.0222 4172 Gpc - ok
22:22:51.0238 4172 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:22:51.0238 4172 HDAudBus - ok
22:22:51.0253 4172 HECI (e4a123ad734a3731d29ebd3a01b3e535) C:\WINDOWS\system32\DRIVERS\HECI.sys
22:22:51.0253 4172 HECI - ok
22:22:51.0269 4172 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:22:51.0269 4172 hidusb - ok
22:22:51.0284 4172 hpn - ok
22:22:51.0316 4172 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:22:51.0316 4172 HTTP - ok
22:22:51.0331 4172 i2omgmt - ok
22:22:51.0331 4172 i2omp - ok
22:22:51.0347 4172 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:22:51.0347 4172 i8042prt - ok
22:22:51.0472 4172 ialm (3b743262b6456167888d15f1121b3bf7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:22:51.0566 4172 ialm - ok
22:22:51.0581 4172 igfx - ok
22:22:51.0581 4172 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:22:51.0597 4172 Imapi - ok
22:22:51.0597 4172 ini910u - ok
22:22:51.0691 4172 IntcAzAudAddService (b1a809e7fe19becd5aca61f0e7088c8c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:22:51.0753 4172 IntcAzAudAddService - ok
22:22:51.0753 4172 IntelIde - ok
22:22:51.0800 4172 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:22:51.0800 4172 intelppm - ok
22:22:51.0816 4172 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:22:51.0816 4172 Ip6Fw - ok
22:22:51.0847 4172 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:22:51.0847 4172 IpFilterDriver - ok
22:22:51.0863 4172 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:22:51.0863 4172 IpInIp - ok
22:22:51.0894 4172 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:22:51.0894 4172 IpNat - ok
22:22:51.0925 4172 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:22:51.0925 4172 IPSec - ok
22:22:51.0941 4172 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:22:51.0941 4172 IRENUM - ok
22:22:51.0988 4172 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:22:51.0988 4172 isapnp - ok
22:22:52.0003 4172 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:22:52.0003 4172 Kbdclass - ok
22:22:52.0050 4172 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:22:52.0050 4172 kbdhid - ok
22:22:52.0066 4172 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:22:52.0066 4172 kmixer - ok
22:22:52.0097 4172 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:22:52.0097 4172 KSecDD - ok
22:22:52.0144 4172 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
22:22:52.0144 4172 Lbd - ok
22:22:52.0144 4172 lbrtfdc - ok
22:22:52.0222 4172 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:22:52.0222 4172 mnmdd - ok
22:22:52.0253 4172 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:22:52.0253 4172 Modem - ok
22:22:52.0253 4172 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:22:52.0253 4172 Mouclass - ok
22:22:52.0300 4172 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:22:52.0300 4172 mouhid - ok
22:22:52.0316 4172 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:22:52.0316 4172 MountMgr - ok
22:22:52.0363 4172 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
22:22:52.0363 4172 MpFilter - ok
22:22:52.0472 4172 MpKsl02585e95 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1894C3C0-CB99-4CBF-857A-D5FA9B8250C6}\MpKsl02585e95.sys
22:22:52.0472 4172 MpKsl02585e95 - ok
22:22:52.0488 4172 MpKslcb048975 - ok
22:22:52.0488 4172 mraid35x - ok
22:22:52.0503 4172 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:22:52.0503 4172 MRxDAV - ok
22:22:52.0550 4172 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:22:52.0550 4172 MRxSmb - ok
22:22:52.0566 4172 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:22:52.0566 4172 Msfs - ok
22:22:52.0581 4172 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:22:52.0581 4172 MSKSSRV - ok
22:22:52.0597 4172 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:22:52.0597 4172 MSPCLOCK - ok
22:22:52.0597 4172 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:22:52.0613 4172 MSPQM - ok
22:22:52.0628 4172 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:22:52.0628 4172 mssmbios - ok
22:22:52.0675 4172 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:22:52.0675 4172 MSTEE - ok
22:22:52.0706 4172 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:22:52.0706 4172 Mup - ok
22:22:52.0753 4172 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:22:52.0753 4172 NABTSFEC - ok
22:22:52.0769 4172 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:22:52.0769 4172 NDIS - ok
22:22:52.0784 4172 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:22:52.0784 4172 NdisIP - ok
22:22:52.0800 4172 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:22:52.0800 4172 NdisTapi - ok
22:22:52.0816 4172 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:22:52.0816 4172 Ndisuio - ok
22:22:52.0847 4172 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:22:52.0847 4172 NdisWan - ok
22:22:52.0878 4172 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:22:52.0878 4172 NDProxy - ok
22:22:52.0878 4172 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:22:52.0878 4172 NetBIOS - ok
22:22:52.0925 4172 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:22:52.0925 4172 NetBT - ok
22:22:52.0956 4172 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:22:52.0956 4172 NIC1394 - ok
22:22:52.0972 4172 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:22:52.0972 4172 Npfs - ok
22:22:52.0988 4172 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:22:52.0988 4172 Ntfs - ok
22:22:53.0050 4172 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:22:53.0050 4172 Null - ok
22:22:53.0097 4172 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:22:53.0097 4172 NwlnkFlt - ok
22:22:53.0097 4172 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:22:53.0097 4172 NwlnkFwd - ok
22:22:53.0175 4172 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:22:53.0175 4172 ohci1394 - ok
22:22:53.0206 4172 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:22:53.0206 4172 Parport - ok
22:22:53.0206 4172 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:22:53.0206 4172 PartMgr - ok
22:22:53.0238 4172 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:22:53.0238 4172 ParVdm - ok
22:22:53.0269 4172 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:22:53.0284 4172 PCI - ok
22:22:53.0284 4172 PCIDump - ok
22:22:53.0300 4172 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:22:53.0300 4172 PCIIde - ok
22:22:53.0363 4172 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:22:53.0363 4172 Pcmcia - ok
22:22:53.0394 4172 PD0620VID (4431f2fa27f56f4bc654b0af5810cc91) C:\WINDOWS\system32\DRIVERS\P0620Vid.sys
22:22:53.0409 4172 PD0620VID - ok
22:22:53.0409 4172 PDCOMP - ok
22:22:53.0409 4172 PDFRAME - ok
22:22:53.0425 4172 PDRELI - ok
22:22:53.0425 4172 PDRFRAME - ok
22:22:53.0441 4172 perc2 - ok
22:22:53.0441 4172 perc2hib - ok
22:22:53.0472 4172 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:22:53.0472 4172 PptpMiniport - ok
22:22:53.0472 4172 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:22:53.0488 4172 PSched - ok
22:22:53.0519 4172 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:22:53.0519 4172 Ptilink - ok
22:22:53.0534 4172 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:22:53.0534 4172 PxHelp20 - ok
22:22:53.0550 4172 ql1080 - ok
22:22:53.0550 4172 Ql10wnt - ok
22:22:53.0566 4172 ql12160 - ok
22:22:53.0581 4172 ql1240 - ok
22:22:53.0581 4172 ql1280 - ok
22:22:53.0613 4172 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:22:53.0613 4172 RasAcd - ok
22:22:53.0628 4172 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:22:53.0628 4172 Rasl2tp - ok
22:22:53.0628 4172 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:22:53.0628 4172 RasPppoe - ok
22:22:53.0644 4172 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:22:53.0644 4172 Raspti - ok
22:22:53.0675 4172 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:22:53.0675 4172 Rdbss - ok
22:22:53.0691 4172 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:22:53.0691 4172 RDPCDD - ok
22:22:53.0738 4172 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:22:53.0738 4172 RDPWD - ok
22:22:53.0738 4172 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:22:53.0738 4172 redbook - ok
22:22:53.0784 4172 RTL8023xp (760647db46457673f21b0c0b1ec78d02) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
22:22:53.0784 4172 RTL8023xp - ok
22:22:53.0816 4172 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:22:53.0816 4172 rtl8139 - ok
22:22:53.0847 4172 RTLE8023xp (cb9310a5a910648d359c99a857e22a54) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
22:22:53.0847 4172 RTLE8023xp - ok
22:22:53.0863 4172 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
22:22:53.0863 4172 sbp2port - ok
22:22:53.0909 4172 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:22:53.0909 4172 Secdrv - ok
22:22:53.0972 4172 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
22:22:53.0972 4172 SenFiltService - ok
22:22:53.0972 4172 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:22:53.0988 4172 serenum - ok
22:22:53.0988 4172 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:22:53.0988 4172 Serial - ok
22:22:54.0003 4172 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:22:54.0003 4172 Sfloppy - ok
22:22:54.0050 4172 sfng32 (5fe18fff6fbcf218290042009eab023d) C:\WINDOWS\system32\drivers\sfng32.sys
22:22:54.0050 4172 sfng32 - ok
22:22:54.0066 4172 Simbad - ok
22:22:54.0097 4172 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:22:54.0097 4172 SLIP - ok
22:22:54.0128 4172 SMBios (d72a21424ca66c7a745bd995eca6a710) C:\WINDOWS\system32\DRIVERS\SMBios.sys
22:22:54.0128 4172 SMBios - ok
22:22:54.0144 4172 Sparrow - ok
22:22:54.0144 4172 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:22:54.0144 4172 splitter - ok
22:22:54.0175 4172 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:22:54.0175 4172 sr - ok
22:22:54.0206 4172 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:22:54.0206 4172 Srv - ok
22:22:54.0269 4172 STHDA (237ccbfc82b4c98435461972597f29d5) C:\WINDOWS\system32\drivers\sthda.sys
22:22:54.0284 4172 STHDA - ok
22:22:54.0316 4172 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:22:54.0316 4172 streamip - ok
22:22:54.0347 4172 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:22:54.0347 4172 swenum - ok
22:22:54.0347 4172 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:22:54.0347 4172 swmidi - ok
22:22:54.0363 4172 symc810 - ok
22:22:54.0363 4172 symc8xx - ok
22:22:54.0378 4172 sym_hi - ok
22:22:54.0378 4172 sym_u3 - ok
22:22:54.0409 4172 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:22:54.0409 4172 sysaudio - ok
22:22:54.0456 4172 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:22:54.0456 4172 Tcpip - ok
22:22:54.0472 4172 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:22:54.0472 4172 TDPIPE - ok
22:22:54.0503 4172 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:22:54.0503 4172 TDTCP - ok
22:22:54.0503 4172 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:22:54.0519 4172 TermDD - ok
22:22:54.0519 4172 TosIde - ok
22:22:54.0566 4172 tpm (298572a7e0d5a63a90e134bb34ccaceb) C:\WINDOWS\system32\DRIVERS\tpm.sys
22:22:54.0566 4172 tpm - ok
22:22:54.0597 4172 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:22:54.0597 4172 Udfs - ok
22:22:54.0597 4172 ultra - ok
22:22:54.0659 4172 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:22:54.0659 4172 Update - ok
22:22:54.0706 4172 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:22:54.0706 4172 USBAAPL - ok
22:22:54.0753 4172 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:22:54.0753 4172 usbaudio - ok
22:22:54.0800 4172 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:22:54.0816 4172 usbccgp - ok
22:22:54.0847 4172 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:22:54.0847 4172 usbehci - ok
22:22:54.0847 4172 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:22:54.0847 4172 usbhub - ok
22:22:54.0878 4172 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:22:54.0878 4172 usbohci - ok
22:22:54.0894 4172 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:22:54.0894 4172 usbprint - ok
22:22:54.0909 4172 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:22:54.0909 4172 usbscan - ok
22:22:54.0925 4172 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:22:54.0925 4172 USBSTOR - ok
22:22:54.0925 4172 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:22:54.0925 4172 usbuhci - ok
22:22:54.0941 4172 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:22:54.0941 4172 VgaSave - ok
22:22:54.0941 4172 ViaIde - ok
22:22:54.0972 4172 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:22:54.0988 4172 VolSnap - ok
22:22:54.0988 4172 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:22:54.0988 4172 Wanarp - ok
22:22:55.0003 4172 WDICA - ok
22:22:55.0019 4172 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:22:55.0019 4172 wdmaud - ok
22:22:55.0081 4172 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:22:55.0097 4172 WSTCODEC - ok
22:22:55.0128 4172 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:22:55.0128 4172 WudfPf - ok
22:22:55.0144 4172 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:22:55.0144 4172 WudfRd - ok
22:22:55.0175 4172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:22:55.0316 4172 \Device\Harddisk0\DR0 - ok
22:22:55.0331 4172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:22:55.0425 4172 \Device\Harddisk1\DR1 - ok
22:22:55.0441 4172 MBR (0x1B8) (988d3c46cbd13ec7f482b833c55264c8) \Device\Harddisk2\DR4
22:22:55.0441 4172 \Device\Harddisk2\DR4 - ok
22:22:55.0441 4172 Boot (0x1200) (2637e8f6c67c73585319b8ad5670a570) \Device\Harddisk0\DR0\Partition0
22:22:55.0441 4172 \Device\Harddisk0\DR0\Partition0 - ok
22:22:55.0456 4172 Boot (0x1200) (5c42d30e85a53c110fe77534a9c2114c) \Device\Harddisk1\DR1\Partition0
22:22:55.0456 4172 \Device\Harddisk1\DR1\Partition0 - ok
22:22:55.0456 4172 Boot (0x1200) (fc07604c553408059dcc42fcf2250cbc) \Device\Harddisk2\DR4\Partition0
22:22:55.0456 4172 \Device\Harddisk2\DR4\Partition0 - ok
22:22:55.0456 4172 ============================================================
22:22:55.0456 4172 Scan finished
22:22:55.0456 4172 ============================================================
22:22:55.0472 8840 Detected object count: 0
22:22:55.0472 8840 Actual detected object count: 0

2. Please, read http://www.bleepingcomputer.com/forums/topic405109.html

To be as sure as possible that the computer is clean, run the following two programs:

1. Please, let aswMBR scan the computer, see http://public.avast.com/~gmerek/aswMBR.htm

Follow only the first section, "How to scan", and don't try to fix anything. Post its log.

2. Run an online scan with Eset http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Un-check "Remove found threats"
Check "Scan Archives"

Click "Advanced Settings"
Check:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Scan

When the scan completes the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and paste its content in your answer.

I read the post on Unhide.exe and I ran the program; it says it worked.

I was unable to get to the aswMBR page, the link you gave did not work.

Here is the log.txt from ESET:


[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6a0dec90dd51bc45889abeb8b3c9d34d
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-15 07:13:26
# local_time=2011-12-15 02:13:26 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776533 42 87 0 19856031 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=369234
# found=2
# cleaned=0
# scan_time=8446
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\prefs.js Win32/Agent.RQD.Gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\prefs.js.BAK

Sorry, that link looks strange after posting. New try: http://public.avast.com/~gmerek/aswMBR.htm

Delete the ComboFix you have and download a new version.
See http://www.bleepingcomputer.com/combofix/how-to-use-combofix for installing and running ComboFix.
Paste the content of the log into your answer.

Paste a fresh OTL.txt, too.

Here is the aswMBR log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-15 23:38:17
-----------------------------
23:38:17.437 OS Version: Windows 5.1.2600 Service Pack 3
23:38:17.437 Number of processors: 2 586 0x170A
23:38:17.437 ComputerName: XPHOMEPC UserName: User
23:38:18.421 Initialize success
23:39:13.515 AVAST engine defs: 11121502
23:39:24.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-10
23:39:24.515 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3
23:39:24.515 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-1d
23:39:24.531 Disk 1 Vendor: WDC_WD2500JS-41MVB1 10.02E01 Size: 238475MB BusType: 3
23:39:24.640 Disk 2 \Device\Harddisk2\DR4 -> \Device\Sbp2\WD&My Book&0&0090a97a_62d92c23_Instance00
23:39:24.656 Disk 2 Vendor: WD______ 1028 Size: 953869MB BusType: 4
23:39:26.734 Disk 0 MBR read successfully
23:39:26.750 Disk 0 MBR scan
23:39:26.765 Disk 0 Windows XP default MBR code
23:39:26.781 Disk 0 scanning sectors +976768065
23:39:26.875 Disk 0 scanning C:\WINDOWS\system32\drivers
23:39:42.843 Service scanning
23:39:43.281 Service MpKsl80616ebd C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24A297BD-8662-4651-AAF2-6E28B893F6BF}\MpKsl80616ebd.sys **LOCKED** 32
23:39:44.437 Modules scanning
23:39:48.437 Disk 0 trace - called modules:
23:39:48.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
23:39:48.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af44ab8]
23:39:48.531 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-10[0x8af41d98]
23:39:49.687 AVAST engine scan C:\WINDOWS
23:40:11.218 AVAST engine scan C:\WINDOWS\system32
23:42:36.328 AVAST engine scan C:\WINDOWS\system32\drivers
23:42:59.890 AVAST engine scan C:\Documents and Settings\User
23:48:47.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
23:48:47.140 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"

Here is the Combofix log:

ComboFix 11-12-15.02 - User 12/16/2011 0:20.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3068.2185 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-16 03:34 . 2011-12-16 03:34 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24A297BD-8662-4651-AAF2-6E28B893F6BF}\MpKsl80616ebd.sys
2011-12-16 03:34 . 2011-12-16 03:34 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24A297BD-8662-4651-AAF2-6E28B893F6BF}\offreg.dll
2011-12-16 03:34 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24A297BD-8662-4651-AAF2-6E28B893F6BF}\mpengine.dll
2011-12-15 04:50 . 2011-12-15 04:50 -------- d-----w- c:\program files\ESET
2011-12-11 13:17 . 2011-12-11 06:32 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-11 06:32 . 2011-12-11 06:32 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-11 06:30 . 2011-12-02 12:49 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-11 06:30 . 2011-12-11 06:30 -------- d-----w- c:\program files\Lavasoft
2011-12-11 06:30 . 2011-12-11 06:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-12-10 20:01 . 2011-12-10 20:01 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-12-10 20:01 . 2011-12-10 20:01 -------- d-----w- c:\program files\Common Files\xing shared
2011-12-10 20:01 . 2011-12-10 20:01 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-12-10 20:01 . 2011-12-10 20:01 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-12-10 19:43 . 2011-12-10 19:43 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Real
2011-12-10 19:41 . 2011-12-11 06:20 -------- d-----w- c:\windows\SxsCaPendDel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:00 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-21 10:47 . 2010-10-17 09:56 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-10 14:22 . 2006-02-01 17:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2004-10-01 20:00 . 2006-02-01 19:15 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((( [email protected]_11.26.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-11 06:30 . 2011-12-02 12:49 64512 c:\windows\system32\DRVSTORE\lbd_69523D0F7F903BDB477CD80CFD35086362532B23\Lbd.sys
+ 2011-12-10 20:01 . 2011-12-10 20:01 18944 c:\windows\Installer\5481c.msi
+ 2011-12-10 20:00 . 2011-12-10 20:00 92672 c:\windows\Installer\5480f.msi
+ 2011-12-10 19:45 . 2011-12-10 19:45 22016 c:\windows\Installer\5478f.msi
+ 2011-12-10 20:01 . 2011-12-10 20:01 5632 c:\windows\system32\pndx5032.dll
- 2010-12-21 10:06 . 2010-12-21 10:06 5632 c:\windows\system32\pndx5032.dll
+ 2011-12-10 20:01 . 2011-12-10 20:01 6656 c:\windows\system32\pndx5016.dll
- 2010-12-21 10:06 . 2010-12-21 10:06 6656 c:\windows\system32\pndx5016.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-07-12 03:11 . 2009-07-12 03:11 624448 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcr90.dll
+ 2009-07-12 03:11 . 2009-07-12 03:11 853312 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcp90.dll
+ 2009-07-12 03:14 . 2009-07-12 03:14 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcm90.dll
+ 2009-07-12 03:11 . 2009-07-12 03:11 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2\atl90.dll
+ 2011-12-10 20:01 . 2011-12-10 20:01 198832 c:\windows\system32\rmoc3260.dll
- 2010-12-21 10:06 . 2010-12-21 10:06 272896 c:\windows\system32\pncrt.dll
+ 2011-12-10 20:01 . 2011-12-10 20:01 272896 c:\windows\system32\pncrt.dll
+ 2011-12-11 06:30 . 2011-12-11 06:30 7265280 c:\windows\Installer\73b09.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-08 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" [2007-01-18 303104]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-16 16384512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-14 1040384]
"SetDefPrt"="c:\program files\Brother\Brmfl04b\BrStDvPt.exe" [2010-08-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-10 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [N/A]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-10-27 815104]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-01-16 01:10 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-01-16 01:10 16384512 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"igndlm.exe"=c:\program files\Download Manager\DLM.exe /windowsstart /startifwork
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"ControlCenter2.0"=c:\program files\Brother\ControlCenter2\brctrcen.exe /autorun
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/11/2011 1:30 AM 64512]
R1 MpKsl80616ebd;MpKsl80616ebd;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24A297BD-8662-4651-AAF2-6E28B893F6BF}\MpKsl80616ebd.sys [12/15/2011 10:34 PM 29904]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [10/20/2009 2:31 AM 149600]
S1 MpKslcb048975;MpKslcb048975;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\MpKslcb048975.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\MpKslcb048975.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/27/2011 4:31 PM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2011 7:49 AM 2152152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/15/2010 10:23 PM 94880]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/27/2011 4:31 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 7:00 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSL80616EBD
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-02 06:32]
.
2011-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-12-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-13 04:52]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 21:31]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 21:31]
.
2011-12-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2011-12-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2011-12-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
TCP: DhcpNameServer = 64.71.255.198
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_06\bin\jusched.exe
AddRemove-RealPlayer 15.0 - c:\program files\Real\RealPlayer\Update\r1puninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-16 00:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3848946577-2371322978-3439528459-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:69,49,e2,b9,30,c2,df,fa,bb,0d,6f,eb,43,56,fd,70,fa,d1,16,ac,cb,1c,a3,
b0,f4,56,0c,93,c2,57,17,ef,3e,9f,cc,ab,5f,b8,27,57,b5,66,ee,f6,71,57,2b,fa,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-3848946577-2371322978-3439528459-1004\Software\SecuROM\License information*]
"datasecu"=hex:ef,0b,23,59,e1,bc,4f,af,8f,16,99,14,b0,5d,93,23,08,2a,fa,1c,29,
13,af,20,b7,e3,b2,a6,35,57,84,d3,f4,6f,5b,32,c1,dd,cc,5d,a8,25,6c,03,05,7b,\
"rkeysecu"=hex:8a,08,2b,5b,b4,d9,0a,0c,f7,53,19,a6,13,7f,4f,13
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5328)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-16 00:26:53
ComboFix-quarantined-files.txt 2011-12-16 05:26
ComboFix2.txt 2011-12-13 21:37
.
Pre-Run: 26,376,257,536 bytes free
Post-Run: 27,262,976,000 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 6E9C1644842621024FC9C60028587118

Here is the OTL Log:

OTL logfile created on: 12/17/2011 3:35:10 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 20.57% Memory free
4.25 Gb Paging File | 2.16 Gb Available in Paging File | 50.96% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 24.43 Gb Free Space | 5.25% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 32.93 Gb Free Space | 14.14% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 579.18 Gb Free Space | 62.18% Space Free | Partition Type: NTFS

Computer Name: XPHOMEPC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\qcap.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
SRV - (brmfrmps) -- C:\WINDOWS\System32\Brmfrmps.exe (Brother Industries, Ltd.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (MpKslc0149f27) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38CBD794-487A-4CF1-8A42-0576BC047793}\MpKslc0149f27.sys (Microsoft Corporation)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (e1kexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1k5132.sys (Intel Corporation)
DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (PD0620VID) -- C:\WINDOWS\system32\drivers\P0620Vid.sys (Creative Technology Ltd.)
DRV - (SMBios) Intel (R) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/23 14:49:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 15:01:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/10 15:01:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/10 15:01:35 | 000,000,000 | ---D | M]

[2009/10/24 05:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/11/19 16:47:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\extensions
[2010/01/07 15:35:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/19 16:47:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/08 21:19:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/10 15:01:19 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/11/23 14:49:39 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/11/25 23:36:09 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

O1 HOSTS File: ([2011/11/28 06:26:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} [url="http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab"]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab[/url] (CDownloadCtrl Object)
O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} [url="http://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB"]http://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB[/url] (CTAdjust Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [url="http://download.eset.com/special/eos/OnlineScanner.cab"]http://download.eset.com/special/eos/OnlineScanner.cab[/url] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/url] (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} [url="http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab"]http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab[/url] (CTAdjust Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/url] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7D8B73F-953C-4EA5-88F0-F60B146891A1}: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/01 12:45:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/12/18 12:26:53 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/12/16 00:26:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/16 00:17:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/16 00:15:58 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/16 00:07:58 | 004,340,692 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2011/12/14 23:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/13 22:22:05 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe
[2011/12/13 22:19:29 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/12/11 12:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Skypehist
[2011/12/11 01:32:10 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/11 01:30:15 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/12/11 01:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/12/11 01:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/12/11 01:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/12/11 01:27:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/12/10 15:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/12/10 15:01:10 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/12/10 15:01:03 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/12/10 15:01:03 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/12/10 15:01:02 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/12/10 15:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/12/10 14:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Real
[2011/12/10 14:41:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/11/28 06:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\New Folder
[2011/11/28 06:16:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/28 06:16:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/28 06:16:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/28 06:16:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/28 06:16:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/28 06:15:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/28 06:15:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2011/11/28 06:14:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Recent
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/12/17 15:33:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/12/17 14:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/17 14:50:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/17 14:41:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job
[2011/12/16 07:22:26 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/12/16 01:51:05 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/16 00:17:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/15 23:48:47 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2011/12/15 21:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/14 22:33:06 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/14 22:28:21 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/14 22:27:59 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job
[2011/12/14 22:27:43 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/14 22:27:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/14 22:27:40 | 000,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/12/14 01:30:59 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/14 01:30:59 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/11 21:04:07 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/11 12:46:25 | 000,142,336 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/11 01:32:10 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/11 01:32:09 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/12/11 01:30:18 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/12/10 15:01:31 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/12/10 15:01:10 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/12/10 15:01:03 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/12/10 15:01:03 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/12/10 15:01:02 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/12/10 14:40:35 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/02 21:57:02 | 000,016,958 | ---- | M] () -- C:\Documents and Settings\User\Desktop\303065_980052305768_60715446_40881510_669875230_n.jpg
[2011/12/02 07:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/28 06:26:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/28 06:18:26 | 000,000,327 | ---- | M] () -- C:\Boot.bak
[2011/11/28 06:08:22 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM
[2011/11/28 06:08:22 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkMr
[2011/11/28 06:04:30 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\qUSTcS5IHSLWkM
[2011/11/21 05:45:29 | 000,001,104 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk
[2011/11/21 05:43:38 | 000,000,007 | ---- | M] () -- C:\WINDOWS\treeskp.sys
[2011/11/21 05:43:38 | 000,000,007 | ---- | M] () -- C:\WINDOWS\sbacknt.bin
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/12/15 23:48:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2011/12/14 01:30:59 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/14 01:30:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/13 22:21:42 | 001,557,791 | ---- | C] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2011/12/11 08:17:02 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/12/11 01:30:24 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/11 01:30:18 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/12/10 15:01:31 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/12/10 14:40:35 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/02 21:57:08 | 000,016,958 | ---- | C] () -- C:\Documents and Settings\User\Desktop\303065_980052305768_60715446_40881510_669875230_n.jpg
[2011/11/28 06:23:44 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2011/11/28 06:23:44 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2011/11/28 06:23:44 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/11/28 06:23:32 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/11/28 06:23:31 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/28 06:23:31 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/11/28 06:23:31 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/11/28 06:23:31 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/11/28 06:23:31 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/28 06:23:31 | 000,001,004 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2006.lnk
[2011/11/28 06:23:30 | 000,002,379 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2011/11/28 06:23:30 | 000,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2011/11/28 06:23:30 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/28 06:23:30 | 000,002,030 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZIP RAR ACE Password Recovery.lnk
[2011/11/28 06:23:30 | 000,001,620 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/28 06:23:30 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/11/28 06:23:30 | 000,001,083 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Command & Conquer 3 Kane's Wrath.lnk
[2011/11/28 06:23:30 | 000,000,981 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/28 06:23:30 | 000,000,975 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Command & Conquer 3 Tiberium Wars.lnk
[2011/11/28 06:23:30 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2011/11/28 06:23:30 | 000,000,815 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/28 06:23:30 | 000,000,800 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/28 06:23:30 | 000,000,079 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/28 06:23:29 | 000,002,010 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative WebCam Center.lnk
[2011/11/28 06:23:29 | 000,001,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative Product Registration.lnk
[2011/11/28 06:23:29 | 000,001,967 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP560 series On-screen Manual.lnk
[2011/11/28 06:23:29 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/11/28 06:23:29 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Medal of Honor Pacific Assault(tm).lnk
[2011/11/28 06:23:29 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Command & Conquer™ Red Alert™ 3.lnk
[2011/11/28 06:23:29 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.0.lnk
[2011/11/28 06:23:29 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2011/11/28 06:23:29 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/28 06:23:29 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Works.lnk
[2011/11/28 06:23:29 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP560 series User Registration.LNK
[2011/11/28 06:23:29 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2011/11/28 06:23:29 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk
[2011/11/28 06:23:29 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/11/28 06:23:29 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/28 06:23:29 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Medal of Honor Allied Assault.lnk
[2011/11/28 06:23:29 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/28 06:23:29 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GetRight.lnk
[2011/11/28 06:23:29 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2011/11/28 06:23:29 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2011/11/28 06:23:29 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Download Manager.lnk
[2011/11/28 06:18:26 | 000,000,327 | ---- | C] () -- C:\Boot.bak
[2011/11/28 06:18:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/28 06:16:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/28 06:16:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/28 06:16:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/28 06:16:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/28 06:16:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/28 06:08:22 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkMr
[2011/11/28 06:08:21 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM
[2011/11/28 06:04:09 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qUSTcS5IHSLWkM
[2011/08/01 15:47:27 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/08/01 15:47:27 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2010/09/15 03:44:49 | 000,000,007 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2010/09/15 03:44:49 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2010/02/09 04:19:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\UniFISH.exe
[2009/12/18 04:47:54 | 000,000,898 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2009/11/18 18:04:18 | 000,000,078 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/10/29 04:27:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/10/27 04:40:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/10/27 04:40:28 | 000,000,419 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009/10/27 04:40:28 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/10/27 04:40:28 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/10/27 04:40:28 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/10/27 04:40:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/10/27 04:40:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/10/24 05:29:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/23 17:18:36 | 000,071,760 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/20 01:44:58 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/20 01:44:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/20 01:42:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/20 01:03:42 | 000,142,336 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/19 18:57:27 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\User\Application Data\wklnhst.dat
[2009/10/19 14:41:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/10/19 14:41:16 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/10/19 14:41:15 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/10/08 23:57:57 | 000,417,344 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/10/08 23:57:56 | 000,982,192 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/10/08 23:54:54 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/04/03 14:09:26 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2009/02/18 12:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/02/03 15:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2006/02/01 15:04:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/01 14:29:45 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/01 14:28:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/01 14:15:41 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2006/02/01 13:25:05 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/02/01 13:22:44 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006/02/01 13:22:39 | 000,188,348 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/02/01 12:48:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/02/01 12:42:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/01 04:32:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/02/01 04:29:29 | 000,332,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,444,794 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,072,544 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[color=#E56717]========== LOP Check ==========[/color]

[2011/01/04 17:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/08/01 15:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/03/16 21:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/08/07 14:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/19 16:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/03/16 21:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon
[2011/01/04 17:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon Easy-WebPrint EX
[2009/11/25 18:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Command & Conquer 3 Kane's Wrath
[2009/11/04 20:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Command & Conquer 3 Tiberium Wars
[2011/01/28 04:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRight
[2010/04/17 03:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3
[2010/04/04 13:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3 Demo
[2009/11/05 00:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Template
[2010/09/15 03:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\vghd
[2009/12/19 07:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ZIP RAR ACE Password Recovery
[2011/12/14 22:28:21 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/12/14 22:33:06 | 000,000,424 | ---- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2011/01/25 09:20:52 | 000,021,504 | ---- | M] ()(C:\Documents and Settings\User\My Documents\???? ??????.doc) -- C:\Documents and Settings\User\My Documents\День ангела.doc
[2011/01/19 14:57:07 | 000,025,600 | ---- | M] ()(C:\Documents and Settings\User\My Documents\??.doc) -- C:\Documents and Settings\User\My Documents\мы.doc
[2011/01/15 18:12:54 | 000,021,504 | ---- | C] ()(C:\Documents and Settings\User\My Documents\???? ??????.doc) -- C:\Documents and Settings\User\My Documents\День ангела.doc
[2010/12/28 23:23:49 | 000,025,600 | ---- | C] ()(C:\Documents and Settings\User\My Documents\??.doc) -- C:\Documents and Settings\User\My Documents\мы.doc
[2010/07/12 12:22:55 | 000,022,528 | ---- | M] ()(C:\Documents and Settings\User\My Documents\??????????? ????.doc) -- C:\Documents and Settings\User\My Documents\могократная виза.doc
[2010/07/09 19:41:26 | 000,022,528 | ---- | C] ()(C:\Documents and Settings\User\My Documents\??????????? ????.doc) -- C:\Documents and Settings\User\My Documents\могократная виза.doc
< End of report >

Please close all programs, including antivirus programs and other similar programs. Otherwise they might stop OTL.
How? See http://www.bleepingcomputer.com/forums/topic114351.html

Start the program OTL.
Copy all the lines in the box:
[code]
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2011/11/28 06:08:22 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM
[2011/11/28 06:08:22 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkMr
[2011/11/28 06:04:30 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\qUSTcS5IHSLWkM
:Commands
[CREATERESTOREPOINT]
[EMPTYTEMP]
[REBOOT]
[/code]
Paste them into the field Custom Scans/Fixes.
Click on Run Fix.

If you are asked to restart the computer do that.

Notepad will pop-up with a log. Copy it and paste it into your answer.
If it does not pop up, you can find it in the folder c:\_OTL\Moved Files; its name contains the date and time when OTL was run.

Be sure that antivirus programs etc. are active before connecting to the internet.

Do a full scan with Ad-Aware and if anything is found, please paste that log, too.

Here is the OTL log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM moved successfully.
C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkMr moved successfully.
C:\Documents and Settings\All Users\Application Data\qUSTcS5IHSLWkM moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 12768 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: User
->Temp folder emptied: 21105 bytes
->Temporary Internet Files folder emptied: 314675317 bytes
->Java cache emptied: 776944 bytes
->FireFox cache emptied: 88434322 bytes
->Google Chrome cache emptied: 6322005 bytes
->Flash cache emptied: 281598 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 12996113 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32120 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 9868 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 406.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12182011_140418
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\V387PV89\collegehumor.e0088093ce21eb5095e5017e54e17d1e[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\V387PV89\dot[1].gif not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\V387PV89\i3a[1].js not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\V387PV89\logCA4HNKAC.htm not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\V387PV89\logCAYFP4L4.htm not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\V387PV89\tops[1].js not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\273938_1343406536_541783836_q[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\372088_502316609_543885776_q[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\373378_126406450745685_1772439670_s[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\393440_258244987571236_171828799546189_742742_1517764592_a[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\5621205596[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\HPIM0190[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\HPIM0370[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\HPIM0387[2].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\HPIM0389[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\log[1].htm not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\video_content;rating=pg13;ctype=video;referrer=collegehumor[1].com;video_id=6547456;tag=rap;tag=music;tag=complain;sz=728x91;tile=6;sec=video_content;ord=96627112 not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\0543b1c3a746d0a40f1ded6dee229dbc[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\0bce88c22c61979b8ad0f537d78edd78[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\1312321085-877201835[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\1312528024-9078559[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\1312832501-608995609[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\184x138-6882442[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\1985624[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\2720620378[1].html not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\273978_55202261_717339691_q[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\41009[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\cont_310_top[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\dailylinks[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\ETC121211AngelinaJolieBloodandHoneyOnline_220x130_2176087523[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\jquery.1.4.4.min[1].js not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\jquery.min[1].js not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\top1_new[1].jpg not found!
Registry entries deleted on Reboot...

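When a helper posts an OTL fix and the user posts the resulting log, the check that matters is whether every requested item actually came out: each BHO key deleted, each Distribution Unit removed, each file moved to quarantine. The script below is an added example written for this page (not part of the thread, and not an OTL tool); it reconciles the `:OTL` section of a fix script against the result log and flags targets the log never mentions. The sample input is constructed from lines of the fix script and the OTL log posted above, with two of the O16 entries and the move of one file deliberately left out so that the "no action logged" case is exercised.

```python
"""Reconcile an OTL fix script with the OTL result log it produced."""
import re

GUID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"

# Constructed sample: the :OTL section of the fix script from the thread
# (two O16 entries dropped for brevity).
FIX_SCRIPT = r""":OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2011/11/28 06:08:22 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM
[2011/11/28 06:04:30 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\qUSTcS5IHSLWkM
:Commands
[CREATERESTOREPOINT]
[EMPTYTEMP]
[REBOOT]
"""

# Constructed sample: excerpt of the OTL result log from the thread. The move
# of qUSTcS5IHSLWkM is intentionally omitted to show an unresolved target.
RESULT_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM moved successfully.
========== COMMANDS ==========
"""


def parse_fix_script(text):
    """Return removal targets from the :OTL section as (kind, key) tuples.

    kind is 'bho' or 'dpf' (key = CLSID, upper-cased) or 'file' (key = path).
    Parsing stops at the next section header such as :Commands.
    """
    targets, in_otl = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):
            in_otl = line.upper() == ":OTL"
            continue
        if not in_otl or not line:
            continue
        m = re.match(r"O2 - BHO: .*?(" + GUID + ")", line)
        if m:
            targets.append(("bho", m.group(1).upper()))
            continue
        m = re.match(r"O16 - DPF: (" + GUID + ")", line)
        if m:
            targets.append(("dpf", m.group(1).upper()))
            continue
        m = re.match(r"\[.*?\] \(.*?\) -- (.+)$", line)
        if m:
            targets.append(("file", m.group(1)))
    return targets


def parse_result_log(text):
    """Index the log into lower-cased sets: deleted keys, moved files, not-found items."""
    deleted, moved, not_found = set(), set(), set()
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Registry key (.+?)\\? deleted successfully\.$", line)
        if m:
            deleted.add(m.group(1).lower())
            continue
        m = re.match(r"Registry key (.+?)\\? not found\.$", line)
        if m:
            not_found.add(m.group(1).lower())
            continue
        m = re.match(r"(.+?) moved successfully\.$", line)
        if m:
            moved.add(m.group(1).lower())
            continue
        m = re.match(r"File\\Folder (.+?) not found!$", line)
        if m:
            not_found.add(m.group(1).lower())
    return deleted, moved, not_found


def reconcile(fix_script, result_log):
    """Map each requested target to the outcome the result log reports for it."""
    deleted, moved, not_found = parse_result_log(result_log)
    report = {}
    for kind, key in parse_fix_script(fix_script):
        if kind == "bho":  # O2 entries live under the BHO key; OTL deletes that key
            probe = ("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion"
                     "\\Explorer\\Browser Helper Objects\\" + key).lower()
        elif kind == "dpf":  # O16 entries are Distribution Units in the Code Store Database
            probe = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Code Store Database"
                     "\\Distribution Units\\" + key).lower()
        else:
            probe = key.lower()
        if probe in deleted or probe in moved:
            status = "removed"
        elif probe in not_found:
            status = "not found (already gone, or the path differs)"
        else:
            status = "NO ACTION LOGGED - re-check this item"
        report[(kind, key)] = status
    return report


def unresolved(report):
    """Targets the log does not show as removed, sorted for stable output."""
    return sorted(k for k, v in report.items() if v != "removed")


if __name__ == "__main__":
    for (kind, key), status in reconcile(FIX_SCRIPT, RESULT_LOG).items():
        print(f"{kind:4} {key}: {status}")
```

Run on the constructed input, the two BHO CLSIDs, both Distribution Units and the `~qUSTcS5IHSLWkM` file report as removed, while `qUSTcS5IHSLWkM` comes back as "NO ACTION LOGGED", which is exactly the kind of gap a helper should spot before declaring a fix complete. Items reported "not found" are normal when a scan listed a stale entry, but an item with no log line at all means the fix never touched it.
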
New Ad-Aware log:

Logfile created: 12/18/2011 14:38:26
Ad-Aware version: 9.6.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: User
*********************** Definitions database information ***********************
Lavasoft definition file: 150.654
Genotype definition file version: 2011/09/21 13:56:01
Extended engine definition file: 11269.0
******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 56121
Objects detected: 10

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 10
Browser hijacks.: 0
MRU objects.....: 0

Removed items:
Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *adbureau* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409027 Family ID: 0
Description: *partypoker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409141 Family ID: 0
Description: *kontera* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409363 Family ID: 0
Description: *webpower* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409354 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Scan and cleaning complete: Finished correctly after 235 seconds
*********************************** Settings ***********************************
Scan profile:
ID: smart, enabled:1, value: Smart Scan
ID: folderstoscan, enabled:1, value:
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Sun Dec 11 01:30:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Sun Dec 11 07:30:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Sun Dec 11 13:30:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Sun Dec 11 19:30:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Sun Dec 11 01:30:00 2011
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: true
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true

****************************** System information ******************************
Computer name: XPHOMEPC
Processor name: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Processor identifier: x86 Family 6 Model 23 Stepping 10
Processor speed: ~2500MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 5898, number of processors 2, processor features: [MMX,SSE,SSE2]
Physical memory available: 2079723520 bytes
Physical memory total: 3216564224 bytes
Virtual memory available: 1908400128 bytes
Virtual memory total: 2147352576 bytes
Memory load: 35%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:
Running processes:
PID: 600 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 676 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 708 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 752 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 764 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 936 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 956 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1024 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1128 name: C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1164 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1264 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1384 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1488 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1560 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1660 name: C:\WINDOWS\system32\brsvc01a.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1728 name: C:\WINDOWS\system32\brss01a.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1736 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1872 name: C:\WINDOWS\Explorer.EXE owner: User domain: XPHOMEPC
PID: 1688 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1808 name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1908 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2008 name: C:\WINDOWS\system32\Brmfrmps.exe owner: SYSTEM domain: NT AUTHORITY
PID: 980 name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe owner: SYSTEM domain: NT AUTHORITY
PID: 432 name: C:\Program Files\Analog Devices\Core\smax4pnp.exe owner: User domain: XPHOMEPC
PID: 504 name: C:\Program Files\Microsoft Security Client\msseces.exe owner: User domain: XPHOMEPC
PID: 1184 name: C:\Program Files\iTunes\iTunesHelper.exe owner: User domain: XPHOMEPC
PID: 1572 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1216 name: C:\Program Files\Real\RealPlayer\update\realsched.exe owner: User domain: XPHOMEPC
PID: 1348 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: User domain: XPHOMEPC
PID: 2100 name: C:\Program Files\Canon\CAL\CALMAIN.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2220 name: C:\WINDOWS\system32\ctfmon.exe owner: User domain: XPHOMEPC
PID: 3204 name: C:\WINDOWS\system32\rundll32.exe owner: User domain: XPHOMEPC
PID: 3220 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3292 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3636 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3748 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2564 name: C:\Documents and Settings\User\Local Settings\Application Data\vghd\bin\VirtuaGirl_Downloader.exe owner: User domain: XPHOMEPC
PID: 3032 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: User domain: XPHOMEPC
PID: 544 name: C:\Program Files\Skype\Phone\Skype.exe owner: User domain: XPHOMEPC
PID: 588 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: User domain: XPHOMEPC
PID: 2188 name: C:\WINDOWS\system32\wuauclt.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2152 name: C:\WINDOWS\system32\msiexec.exe owner: SYSTEM domain: NT AUTHORITY
Startup items:
Name: SigmatelSysTrayApp
imagepath: sttray.exe
Name: NeroFilterCheck
imagepath: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Name: RTHDCPL
imagepath: RTHDCPL.EXE
Name: IgfxTray
imagepath: C:\WINDOWS\system32\igfxtray.exe
Name: HotKeysCmds
imagepath: C:\WINDOWS\system32\hkcmd.exe
Name: Persistence
imagepath: C:\WINDOWS\system32\igfxpers.exe
Name: SoundMAXPnP
imagepath: C:\Program Files\Analog Devices\Core\smax4pnp.exe
Name: SetDefPrt
imagepath: C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Name: Adobe ARM
imagepath: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Name: CanonMyPrinter
imagepath: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
Name: CanonSolutionMenu
imagepath: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
Name: MSC
imagepath: "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Name: AppleSyncNotifier
imagepath: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
Name: APSDaemon
imagepath: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name: TkBellExe
imagepath: "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
Name: DWQueuedReporting
imagepath: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name:
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
imagepath: C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
imagepath: C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
Name:
imagepath: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete
Running services:
Name: Alerter
displayname: Alerter
Name: ALG
displayname: Application Layer Gateway Service
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: Ati HotKey Poller
displayname: Ati HotKey Poller
Name: AudioSrv
displayname: Windows Audio
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Bonjour Service
displayname: Bonjour Service
Name: brmfrmps
displayname: Brother Popup Suspend service for Resource manager
Name: Brother XP spl Service
displayname: BrSplService
Name: CCALib8
displayname: Canon Camera Access Library 8
Name: CryptSvc
displayname: CryptSvc
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: helpsvc
displayname: Help and Support
Name: HidServ
displayname: HID Input Service
Name: iPod Service
displayname: iPod Service
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: MSIServer
displayname: Windows Installer
Name: MsMpSvc
displayname: Microsoft Antimalware Service
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RichVideo
displayname: Cyberlink RichVideo Service(CRVS)
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: WZCSVC
displayname: Wireless Zero Configuration

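An Ad-Aware log like the one above carries two things worth reading quickly: the detection table (here only tracking cookies, nothing in processes, files, registry or browser hijacks) and the running-process list, where executables living under a user profile or a Temp folder stand out because installed software on XP normally runs from Program Files or the Windows folder, and the files the earlier OTL fix removed were sitting under Documents and Settings. The script below is an added example written for this page (not part of the thread, and not a Lavasoft tool); it parses both sections and returns what is left beyond cookies plus any profile-resident processes. The sample input is a constructed excerpt of the log above, and the path markers are my own heuristic, not a verdict on any program.

```python
"""Triage an Ad-Aware 9 log: what was detected, and what runs from where."""
import re

# Constructed excerpt of the Ad-Aware log posted above (sample input, not the
# complete log): the detection summary plus a few of the running processes.
ADAWARE_LOG = r"""Scan profile name: Smart Scan (ID: smart)
Objects scanned: 56121
Objects detected: 10

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 10
Browser hijacks.: 0
MRU objects.....: 0

Removed items:
Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0
Running processes:
PID: 1128 name: C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1872 name: C:\WINDOWS\Explorer.EXE owner: User domain: XPHOMEPC
PID: 2564 name: C:\Documents and Settings\User\Local Settings\Application Data\vghd\bin\VirtuaGirl_Downloader.exe owner: User domain: XPHOMEPC
PID: 544 name: C:\Program Files\Skype\Phone\Skype.exe owner: User domain: XPHOMEPC
Startup items:
"""

# Heuristic (mine, not Ad-Aware's): an executable running from a user profile,
# a Temp folder or the recycle bin is not proof of anything, but deserves a look.
PROFILE_MARKERS = ("\\documents and settings\\", "\\temp\\", "\\recycler\\")


def parse_detection_counts(text):
    """Return the 'Type Detected' table as {category: count}."""
    counts, in_table = {}, False
    for line in text.splitlines():
        if line.startswith("Type Detected"):
            in_table = True
            continue
        if not in_table:
            continue
        m = re.match(r"([A-Za-z ]+?)\.*: (\d+)$", line.strip())
        if m:
            counts[m.group(1).strip()] = int(m.group(2))
        elif not line.strip() and counts:
            break  # blank line closes the table
    return counts


def parse_processes(text):
    """Return the 'Running processes' block as a list of dicts."""
    procs, in_list = [], False
    pattern = re.compile(r"PID: (\d+) name: (.+?) owner: (.+?) domain: (.+)$")
    for line in text.splitlines():
        if line.startswith("Running processes:"):
            in_list = True
            continue
        if in_list:
            m = pattern.match(line.strip())
            if not m:
                break  # next section (Startup items:) ends the list
            procs.append({"pid": int(m.group(1)), "path": m.group(2),
                          "owner": m.group(3), "domain": m.group(4)})
    return procs


def non_cookie_detections(counts):
    """Categories other than tracking cookies with a non-zero count."""
    return {k: v for k, v in counts.items() if v and k != "Cookies"}


def profile_resident_processes(procs):
    """Processes whose image path contains one of PROFILE_MARKERS."""
    return [p for p in procs
            if any(marker in p["path"].lower() for marker in PROFILE_MARKERS)]


def triage(text):
    """Summarise the log: total detections, what is left beyond cookies, odd process paths."""
    counts = parse_detection_counts(text)
    m = re.search(r"^Objects detected: (\d+)$", text, re.M)
    leftovers = non_cookie_detections(counts)
    return {
        "objects_detected": int(m.group(1)) if m else None,
        "non_cookie_detections": leftovers,
        "only_tracking_cookies": counts.get("Cookies", 0) > 0 and not leftovers,
        "profile_resident": [p["path"] for p in profile_resident_processes(parse_processes(text))],
    }


if __name__ == "__main__":
    for key, value in triage(ADAWARE_LOG).items():
        print(f"{key}: {value}")
```

On the constructed excerpt the result is "only tracking cookies" for the detections, and a single process flagged for its location under Local Settings\Application Data. A flag like that is a prompt to check the program's origin and whether the user installed it knowingly, which is the same question a helper would ask about any unfamiliar entry in the process or startup lists.
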
Things seem to be running better; however, three issues are still occurring (caused by whatever System Fix did):

1) Whenever I open Internet Explorer, it gives me a message saying a program has tried to change my default search engine. Acknowledging this message brings up a window that asks me to set my default search engine (which IE is setting automatically to Bing.com). This happens every time, no matter how many times I set my default search engine; if I quit IE and open it again, same thing.

2) RealPlayer crashes every time I try to run it. It pops up a window saying "Fatal Application Exit. Exiting Application", and the only button is an "OK" button, after which RealPlayer quits.

3) Adobe Acrobat Reader: when I try to open a PDF (either one saved on my hard drive or an e-mail attachment), I get the following error window:

"Microsoft Visual C++ Runtime Library
Runtime Error!
Program: C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

This application has requested the runtime to terminate it in an unusual way. Please contact the application's support team for more information."

After that, it closes. I updated it after completing all the scans and fixes we did, but this problem with Acrobat Reader has not gone away.

1) Does it say to which search engine or which program? It might for example be McAfee SiteAdvisor that does it.

2 and 3) Have you tried uninstalling the two programs and restarting the computer before installing the latest versions of them again?
Adobe Reader 9 is not the latest version. http://get.adobe.com/reader/
If you only use Adobe Reader for reading simple PDF files, there are alternatives such as Foxit Reader (do not install any suggested toolbars) and Sumatra PDF.

4) Run an online scan with Eset http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Un-check "Remove found threats"
Check "Scan Archives"

Click "Advanced Settings"
Check:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Scan

When the scan completes the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and paste its content in your answer.

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !
