snipes 0 Posted December 11, 2011 I got hit with the system fix virus and after trying everything I could think of I threw ComboFix at it (I know, risky, but I was desperate). ComboFix managed to restore my PC, but I ran Ad-Aware and it still found lots of objects. I can't run Real Player or Skype (every time I try I get a Fatal Error or Disk I/O error), I've tried reinstalling Real Player but that didn't work. Every time I open up Internet Explorer a message pops up telling me a program tried to change my default search engine. I don't know what to do to regain control and get some of my programs back up and running again... Help...
CeciliaB 478 Posted December 13, 2011 Please, to get help with cleaning your computer, try to follow the instructions in the topic [url=http://www.lavasoftsupport.com/index.php?showtopic=30823]Read This Before You Post![/url]. Please also post the existing log from ComboFix, which you find as C:\Combofix.txt. PS. To get an email when I reply, please click the "Follow this topic" button, which is located rather close to the upper right corner.
snipes 0 Posted December 13, 2011 Sorry, here is the Ad-Aware log: Logfile created: 12/11/2011 01:33:06 Ad-Aware version: 9.6.0 Extended engine: 3 Extended engine version: 3.1.2770 User performing scan: User *********************** Definitions database information *********************** Lavasoft definition file: 150.646 Genotype definition file version: 2011/09/21 13:56:01 Extended engine definition file: 11233.0 ******************************** Scan results: ********************************* Scan profile name: Full Scan (ID: full) Objects scanned: 437230 Objects detected: 42 Type Detected ========================== Processes.......: 0 Registry entries: 0 Hostfile entries: 0 Files...........: 3 Folders.........: 0 LSPs............: 0 Cookies.........: 39 Browser hijacks.: 0 MRU objects.....: 0 Removed items: Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0 Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0 Description: *adbureau* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409027 Family ID: 0 Description: *insightexpressai* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409259 Family ID: 0 Description: *pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408826 Family ID: 0 Description: *gator* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408861 Family ID: 0 Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0 Description: *ads.pointroll* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408927 Family ID: 0 Description: *mrskin* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409189 Family ID: 0 Description: *pro-market* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408823 Family ID: 0 Description: *247realmedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 
408945 Family ID: 0 Description: *realmedia* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409139 Family ID: 0 Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0 Description: *adbrite* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409218 Family ID: 0 Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0 Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0 Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0 Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0 Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0 Description: *.bridgetrack* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409095 Family ID: 0 Description: *clickz* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408888 Family ID: 0 Description: *kontera* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409363 Family ID: 0 Description: *partypoker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409141 Family ID: 0 Description: *questionmarket* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408819 Family ID: 0 Description: *rambler* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408818 Family ID: 0 Description: *rotator.adjuggler* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409135 Family ID: 0 Description: *specificclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408807 Family ID: 0 Description: *tacoda* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409123 Family ID: 0 Description: *tribalfusion* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408785 Family ID: 0 Description: *bs.serving-sys* Family Name: 
Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0 Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0 Description: *adbureau* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409027 Family ID: 0 Description: *partypoker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409141 Family ID: 0 Description: *kontera* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409363 Family ID: 0 Description: *webpower* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409354 Family ID: 0 Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0 Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0 Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0 Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0 Quarantined items: Description: c:\documents and settings\user\application data\sun\java\deployment\cache\javapi\v1.0\jar\field.jar-4b7a49e1-3494cc85.zip::json/parser.class Family Name: Trojan.Java.Blacole.a (v) Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: Description: e:\documents and settings\paul\local settings\temporary internet files\content.ie5\jrvpjnec\animated_favicon1[1].htm Family Name: Trojan-Downloader.JS.Gumblar.w (v) Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: 9f2ff1ebba941a78fe09f5fe4c230afa Description: e:\system volume information\_restore{9c35f2cb-3c94-4996-b38e-d25671c88286}\rp258\a0083238.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 3 Family ID: 0 MD5: 334ee328da36cc99e4e6fac69dc62a8f Scan and cleaning complete: Finished correctly after 24224 seconds *********************************** Settings *********************************** Scan profile: ID: full, enabled:1, value: 
Full Scan ID: folderstoscan, enabled:1, value: C:\,E:\,F:\ ID: useantivirus, enabled:1, value: true ID: sections, enabled:1 ID: scancriticalareas, enabled:1, value: true ID: scanrunningapps, enabled:1, value: true ID: scanregistry, enabled:1, value: true ID: scanlsp, enabled:1, value: true ID: scanads, enabled:1, value: true ID: scanhostsfile, enabled:1, value: true ID: scanmru, enabled:1, value: true ID: scanbrowserhijacks, enabled:1, value: true ID: scantrackingcookies, enabled:1, value: true ID: closebrowsers, enabled:1, value: false ID: filescanningoptions, enabled:1 ID: archives, enabled:1, value: true ID: onlyexecutables, enabled:1, value: false ID: skiplargerthan, enabled:1, value: 20480 ID: scanrootkits, enabled:1, value: true ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict ID: usespywareheuristics, enabled:1, value: true Scan global: ID: global, enabled:1 ID: addtocontextmenu, enabled:1, value: true ID: playsoundoninfection, enabled:1, value: false ID: soundfile, enabled:0, value: N/A Scheduled scan settings: <Empty> Update settings: ID: updates, enabled:1 ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: schedules, enabled:1, value: true ID: updatedaily1, enabled:1, value: Daily 1 ID: time, enabled:1, value: Sun Dec 11 01:30:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: 
auto_deal_with_infections, enabled:1, value: false ID: updatedaily2, enabled:1, value: Daily 2 ID: time, enabled:1, value: Sun Dec 11 07:30:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily3, enabled:1, value: Daily 3 ID: time, enabled:1, value: Sun Dec 11 13:30:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily4, enabled:1, value: Daily 4 ID: time, enabled:1, value: Sun Dec 11 19:30:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updateweekly1, enabled:1, value: Weekly ID: time, enabled:1, value: Sun Dec 11 01:30:00 2011 
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: true ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: true ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false Appearance settings: ID: appearance, enabled:1 ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource ID: showtrayicon, enabled:1, value: true ID: autoentertainmentmode, enabled:1, value: true ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language Realtime protection settings: ID: realtime, enabled:1 ID: layers, enabled:1 ID: useantivirus, enabled:1, value: true ID: usespywareheuristics, enabled:1, value: true ID: maintainbackup, enabled:1, value: true ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant ID: modules, enabled:1 ID: processprotection, enabled:1, value: true ID: onaccessprotection, enabled:1, value: true ID: registryprotection, enabled:1, value: true ID: networkprotection, enabled:1, value: true ****************************** System information ****************************** Computer name: XPHOMEPC Processor name: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz Processor identifier: x86 Family 6 Model 23 Stepping 10 Processor speed: ~2500MHZ Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 5898, number of processors 2, processor features: [MMX,SSE,SSE2] Physical memory available: 2123194368 bytes Physical memory total: 3216564224 bytes Virtual memory available: 1899130880 bytes Virtual memory 
total: 2147352576 bytes Memory load: 33% Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Windows startup mode: Running processes: PID: 600 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY PID: 672 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY PID: 704 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY PID: 748 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY PID: 760 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY PID: 932 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY PID: 952 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1016 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 1120 name: C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe owner: SYSTEM domain: NT AUTHORITY PID: 1156 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1276 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 1364 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1496 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY PID: 1620 name: C:\WINDOWS\system32\brsvc01a.exe owner: SYSTEM domain: NT AUTHORITY PID: 1636 name: C:\WINDOWS\system32\brss01a.exe owner: SYSTEM domain: NT AUTHORITY PID: 1644 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY PID: 1108 name: C:\WINDOWS\Explorer.EXE owner: User domain: XPHOMEPC PID: 804 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1716 name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY PID: 1780 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY PID: 1820 name: C:\WINDOWS\system32\Brmfrmps.exe owner: SYSTEM domain: NT AUTHORITY 
PID: 388 name: c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe owner: SYSTEM domain: NT AUTHORITY PID: 1388 name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe owner: SYSTEM domain: NT AUTHORITY PID: 1732 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 144 name: C:\Program Files\Analog Devices\Core\smax4pnp.exe owner: User domain: XPHOMEPC PID: 164 name: C:\Program Files\Microsoft Security Client\msseces.exe owner: User domain: XPHOMEPC PID: 660 name: C:\Program Files\iTunes\iTunesHelper.exe owner: User domain: XPHOMEPC PID: 364 name: C:\Program Files\Real\RealPlayer\update\realsched.exe owner: User domain: XPHOMEPC PID: 968 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: User domain: XPHOMEPC PID: 1832 name: C:\Program Files\Canon\CAL\CALMAIN.exe owner: SYSTEM domain: NT AUTHORITY PID: 2060 name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe owner: User domain: XPHOMEPC PID: 2284 name: C:\WINDOWS\system32\ctfmon.exe owner: User domain: XPHOMEPC PID: 2692 name: C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe owner: User domain: XPHOMEPC PID: 3368 name: C:\WINDOWS\system32\rundll32.exe owner: User domain: XPHOMEPC PID: 3412 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY PID: 3756 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1720 name: C:\Program Files\Windows Live\Contacts\wlcomm.exe owner: User domain: XPHOMEPC PID: 128 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: User domain: XPHOMEPC PID: 664 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: User domain: XPHOMEPC PID: 580 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: User domain: XPHOMEPC PID: 3008 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: User domain: XPHOMEPC PID: 2688 name: C:\WINDOWS\system32\msiexec.exe owner: SYSTEM domain: NT AUTHORITY PID: 4064 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM 
domain: NT AUTHORITY PID: 2196 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 640 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: User domain: XPHOMEPC PID: 3348 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY PID: 3768 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY PID: 2672 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: User domain: XPHOMEPC PID: 1392 name: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe owner: SYSTEM domain: NT AUTHORITY Startup items: Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon Name: DWQueuedReporting imagepath: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9} Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9} Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153} Name: WPDShServiceObj imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5} Name: SigmatelSysTrayApp imagepath: sttray.exe Name: NeroFilterCheck imagepath: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe Name: RTHDCPL imagepath: RTHDCPL.EXE Name: IgfxTray imagepath: C:\WINDOWS\system32\igfxtray.exe Name: HotKeysCmds imagepath: C:\WINDOWS\system32\hkcmd.exe Name: Persistence imagepath: C:\WINDOWS\system32\igfxpers.exe Name: SoundMAXPnP imagepath: C:\Program Files\Analog Devices\Core\smax4pnp.exe Name: SetDefPrt imagepath: C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe Name: Adobe Reader Speed Launcher imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" Name: Adobe ARM imagepath: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" Name: CanonMyPrinter imagepath: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon Name: 
CanonSolutionMenu imagepath: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon Name: MSC imagepath: "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey Name: AppleSyncNotifier imagepath: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe Name: APSDaemon imagepath: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" Name: QuickTime Task imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime Name: iTunesHelper imagepath: "C:\Program Files\iTunes\iTunesHelper.exe" Name: TkBellExe imagepath: "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk imagepath: C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk imagepath: C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk imagepath: C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe Name: imagepath: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini Bootexecute items: Name: imagepath: autocheck autochk * Running services: Name: Alerter displayname: Alerter Name: ALG displayname: Application Layer Gateway Service Name: Apple Mobile Device displayname: Apple Mobile Device Name: Ati HotKey Poller displayname: Ati HotKey Poller Name: AudioSrv displayname: Windows Audio Name: BITS displayname: Background Intelligent Transfer Service Name: Bonjour Service displayname: Bonjour Service Name: brmfrmps displayname: Brother Popup Suspend service for Resource manager Name: Brother XP spl Service displayname: BrSplService Name: CCALib8 displayname: Canon Camera Access Library 8 Name: CryptSvc displayname: CryptSvc Name: DcomLaunch displayname: DCOM Server Process Launcher Name: Dhcp 
displayname: DHCP Client Name: Dnscache displayname: DNS Client Name: ERSvc displayname: Error Reporting Service Name: Eventlog displayname: Event Log Name: EventSystem displayname: COM+ Event System Name: FastUserSwitchingCompatibility displayname: Fast User Switching Compatibility Name: gusvc displayname: Google Software Updater Name: helpsvc displayname: Help and Support Name: HidServ displayname: HID Input Service Name: iPod Service displayname: iPod Service Name: lanmanserver displayname: Server Name: lanmanworkstation displayname: Workstation Name: LmHosts displayname: TCP/IP NetBIOS Helper Name: McAfee SiteAdvisor Service displayname: McAfee SiteAdvisor Service Name: MSIServer displayname: Windows Installer Name: MsMpSvc displayname: Microsoft Antimalware Service Name: Netman displayname: Network Connections Name: Nla displayname: Network Location Awareness (NLA) Name: PlugPlay displayname: Plug and Play Name: PolicyAgent displayname: IPSEC Services Name: ProtectedStorage displayname: Protected Storage Name: RasMan displayname: Remote Access Connection Manager Name: RichVideo displayname: Cyberlink RichVideo Service(CRVS) Name: RpcSs displayname: Remote Procedure Call (RPC) Name: SamSs displayname: Security Accounts Manager Name: Schedule displayname: Task Scheduler Name: seclogon displayname: Secondary Logon Name: SENS displayname: System Event Notification Name: SharedAccess displayname: Windows Firewall/Internet Connection Sharing (ICS) Name: ShellHWDetection displayname: Shell Hardware Detection Name: Spooler displayname: Print Spooler Name: srservice displayname: System Restore Service Name: SSDPSRV displayname: SSDP Discovery Service Name: stisvc displayname: Windows Image Acquisition (WIA) Name: TapiSrv displayname: Telephony Name: TermService displayname: Terminal Services Name: Themes displayname: Themes Name: TrkWks displayname: Distributed Link Tracking Client Name: W32Time displayname: Windows Time Name: WebClient displayname: WebClient Name: 
winmgmt displayname: Windows Management Instrumentation Name: wscsvc displayname: Security Center Name: wuauserv displayname: Automatic Updates Name: WZCSVC displayname: Wireless Zero Configuration Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service
snipes 0 Posted December 13, 2011 The OTL Log: OTL logfile created on: 12/13/2011 3:53:54 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.16% Memory free 4.25 Gb Paging File | 3.65 Gb Available in Paging File | 85.94% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 465.76 Gb Total Space | 25.16 Gb Free Space | 5.40% Space Free | Partition Type: NTFS Drive E: | 232.88 Gb Total Space | 32.93 Gb Free Space | 14.14% Space Free | Partition Type: NTFS Drive F: | 931.51 Gb Total Space | 579.18 Gb Free Space | 62.18% Space Free | Partition Type: NTFS Computer Name: XPHOMEPC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Real\realplayer\Update\realsched.exe (RealNetworks, Inc.) PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.) 
[color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll () MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll () MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll () MOD - C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\WINDOWS\system32\devenum.dll () [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (AppMgmt) -- File not found SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.) SRV - (brmfrmps) -- C:\WINDOWS\System32\Brmfrmps.exe (Brother Industries, Ltd.) 
[color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (MpKsl02585e95) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1894C3C0-CB99-4CBF-857A-D5FA9B8250C6}\MpKsl02585e95.sys (Microsoft Corporation) DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.) DRV - (e1kexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1k5132.sys (Intel Corporation) DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation) DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc) DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (PD0620VID) -- C:\WINDOWS\system32\drivers\P0620Vid.sys (Creative Technology Ltd.) 
DRV - (SMBios) Intel (R) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 1
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/23 14:49:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 15:01:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/10 15:01:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/10 15:01:35 | 000,000,000 | ---D | M]

[2009/10/24 05:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/11/19 16:47:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\extensions
[2010/01/07 15:35:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/19 16:47:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/08 21:19:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/10 15:01:19 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/11/23 14:49:39 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/11/25 23:36:09 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

O1 HOSTS File: ([2011/11/28 06:26:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} http://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB (CTAdjust Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7D8B73F-953C-4EA5-88F0-F60B146891A1}: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/01 12:45:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/12/18 12:26:53 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/11 12:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Skypehist
[2011/12/11 01:32:10 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/11 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/12/11 01:30:15 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/12/11 01:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/12/11 01:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/12/11 01:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/12/11 01:27:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/12/10 15:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/12/10 15:01:10 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/12/10 15:01:03 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/12/10 15:01:03 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/12/10 15:01:02 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/12/10 15:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/12/10 14:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Real
[2011/12/10 14:41:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/11/29 01:06:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/28 06:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\New Folder
[2011/11/28 06:28:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/28 06:18:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/28 06:16:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/28 06:16:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/28 06:16:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/28 06:16:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/28 06:16:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/28 06:15:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/28 06:15:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools
[2011/11/28 06:14:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/13 15:53:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/12/13 15:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/13 14:50:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/12 00:33:18 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/11 21:40:26 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/12/11 21:04:07 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/11 12:46:25 | 000,142,336 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/11 08:17:02 | 000,000,672 | -H-- | M] () -- C:\aaw7boot.cmd
[2011/12/11 02:08:04 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/11 01:51:47 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/11 01:32:10 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/11 01:32:09 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/12/11 01:30:18 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/12/11 01:27:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/12/11 01:21:09 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job
[2011/12/11 01:20:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/11 01:20:58 | 000,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/12/10 15:01:31 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/12/10 15:01:10 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/12/10 15:01:03 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/12/10 15:01:03 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/12/10 15:01:02 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/12/10 14:41:39 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job
[2011/12/10 14:40:35 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/10 14:34:43 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/08 21:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/02 21:57:02 | 000,016,958 | ---- | M] () -- C:\Documents and Settings\User\Desktop\303065_980052305768_60715446_40881510_669875230_n.jpg
[2011/12/02 07:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/28 06:26:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/28 06:18:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/28 06:08:22 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM
[2011/11/28 06:08:22 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkMr
[2011/11/28 06:04:30 | 000,000,408 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\qUSTcS5IHSLWkM
[2011/11/21 05:45:29 | 000,001,104 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk
[2011/11/21 05:43:38 | 000,000,007 | ---- | M] () -- C:\WINDOWS\treeskp.sys
[2011/11/21 05:43:38 | 000,000,007 | ---- | M] () -- C:\WINDOWS\sbacknt.bin
[2011/11/14 14:53:33 | 000,199,680 | R--- | M] () -- C:\Documents and Settings\User\Desktop\Backup of paul667UpgradeResume.wbk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/11 08:17:02 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/12/11 08:17:02 | 000,000,672 | -H-- | C] () -- C:\aaw7boot.cmd
[2011/12/11 01:30:24 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/11 01:30:18 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/12/10 15:01:31 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/12/10 14:40:35 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/02 21:57:08 | 000,016,958 | ---- | C] () -- C:\Documents and Settings\User\Desktop\303065_980052305768_60715446_40881510_669875230_n.jpg
[2011/11/28 06:23:44 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2011/11/28 06:23:44 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2011/11/28 06:23:44 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/11/28 06:23:32 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/11/28 06:23:31 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/28 06:23:31 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/11/28 06:23:31 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/11/28 06:23:31 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/11/28 06:23:31 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/28 06:23:31 | 000,001,004 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2006.lnk
[2011/11/28 06:23:30 | 000,002,379 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2011/11/28 06:23:30 | 000,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2011/11/28 06:23:30 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/28 06:23:30 | 000,002,030 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZIP RAR ACE Password Recovery.lnk
[2011/11/28 06:23:30 | 000,001,620 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/28 06:23:30 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/11/28 06:23:30 | 000,001,083 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Command & Conquer 3 Kane's Wrath.lnk
[2011/11/28 06:23:30 | 000,000,981 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/28 06:23:30 | 000,000,975 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Command & Conquer 3 Tiberium Wars.lnk
[2011/11/28 06:23:30 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2011/11/28 06:23:30 | 000,000,815 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/28 06:23:30 | 000,000,800 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/28 06:23:30 | 000,000,079 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/28 06:23:29 | 000,002,010 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative WebCam Center.lnk
[2011/11/28 06:23:29 | 000,001,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative Product Registration.lnk
[2011/11/28 06:23:29 | 000,001,967 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP560 series On-screen Manual.lnk
[2011/11/28 06:23:29 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/11/28 06:23:29 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Medal of Honor Pacific Assault(tm).lnk
[2011/11/28 06:23:29 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Command & Conquer™ Red Alert™ 3.lnk
[2011/11/28 06:23:29 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.0.lnk
[2011/11/28 06:23:29 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2011/11/28 06:23:29 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/28 06:23:29 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Works.lnk
[2011/11/28 06:23:29 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP560 series User Registration.LNK
[2011/11/28 06:23:29 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk
[2011/11/28 06:23:29 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk
[2011/11/28 06:23:29 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/11/28 06:23:29 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/28 06:23:29 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Medal of Honor Allied Assault.lnk
[2011/11/28 06:23:29 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/28 06:23:29 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GetRight.lnk
[2011/11/28 06:23:29 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2011/11/28 06:23:29 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2011/11/28 06:23:29 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Download Manager.lnk
[2011/11/28 06:18:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/28 06:18:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/28 06:16:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/28 06:16:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/28 06:16:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/28 06:16:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/28 06:16:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/28 06:08:22 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkMr
[2011/11/28 06:08:21 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM
[2011/11/28 06:04:09 | 000,000,408 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\qUSTcS5IHSLWkM
[2011/08/01 15:47:27 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/08/01 15:47:27 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2010/09/15 03:44:49 | 000,000,007 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2010/09/15 03:44:49 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2010/02/09 04:19:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\UniFISH.exe
[2009/12/18 04:47:54 | 000,000,898 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2009/11/18 18:04:18 | 000,000,078 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/10/29 04:27:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/10/27 04:40:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/10/27 04:40:28 | 000,000,419 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009/10/27 04:40:28 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/10/27 04:40:28 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/10/27 04:40:28 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/10/27 04:40:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/10/27 04:40:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/10/24 05:29:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/23 17:18:36 | 000,071,760 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/20 01:44:58 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/20 01:44:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/20 01:42:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/20 01:03:42 | 000,142,336 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/19 18:57:27 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\User\Application Data\wklnhst.dat
[2009/10/19 14:41:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/10/19 14:41:16 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/10/19 14:41:15 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/10/08 23:57:57 | 000,417,344 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/10/08 23:57:56 | 000,982,192 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/10/08 23:54:54 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/04/03 14:09:26 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2009/02/18 12:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/02/03 15:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2006/02/01 15:04:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/01 14:29:45 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/01 14:28:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/01 14:15:41 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2006/02/01 13:25:05 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/02/01 13:22:44 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006/02/01 13:22:39 | 000,188,348 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/02/01 12:48:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/02/01 12:42:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/01 04:32:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/02/01 04:29:29 | 000,332,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,444,794 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,072,544 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/01/04 17:22:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/08/01 15:47:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/03/16 21:49:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/08/07 14:13:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/19 16:21:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/03/16 21:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon
[2011/01/04 17:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon Easy-WebPrint EX
[2009/11/25 18:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Command & Conquer 3 Kane's Wrath
[2009/11/04 20:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Command & Conquer 3 Tiberium Wars
[2011/01/28 04:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRight
[2010/04/17 03:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3
[2010/04/04 13:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Sett
ings\User\Application Data\Red Alert 3 Demo
[2009/11/05 00:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Template
[2009/12/19 07:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ZIP RAR ACE Password Recovery
[2011/12/12 00:33:18 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/12/11 02:08:04 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2011/01/25 09:20:52 | 000,021,504 | ---- | M] ()(C:\Documents and Settings\User\My Documents\???? ??????.doc) -- C:\Documents and Settings\User\My Documents\День ангела.doc
[2011/01/19 14:57:07 | 000,025,600 | ---- | M] ()(C:\Documents and Settings\User\My Documents\??.doc) -- C:\Documents and Settings\User\My Documents\мы.doc
[2011/01/15 18:12:54 | 000,021,504 | ---- | C] ()(C:\Documents and Settings\User\My Documents\???? ??????.doc) -- C:\Documents and Settings\User\My Documents\День ангела.doc
[2010/12/28 23:23:49 | 000,025,600 | ---- | C] ()(C:\Documents and Settings\User\My Documents\??.doc) -- C:\Documents and Settings\User\My Documents\мы.doc
[2010/07/12 12:22:55 | 000,022,528 | ---- | M] ()(C:\Documents and Settings\User\My Documents\??????????? ????.doc) -- C:\Documents and Settings\User\My Documents\могократная виза.doc
[2010/07/09 19:41:26 | 000,022,528 | ---- | C] ()(C:\Documents and Settings\User\My Documents\??????????? ????.doc) -- C:\Documents and Settings\User\My Documents\могократная виза.doc

< End of report >
snipes 0 Posted December 13, 2011

The Extras.txt log:

OTL Extras logfile created on: 12/13/2011 3:53:54 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.16% Memory free
4.25 Gb Paging File | 3.65 Gb Available in Paging File | 85.94% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 25.16 Gb Free Space | 5.40% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 32.93 Gb Free Space | 14.14% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 579.18 Gb Free Space | 62.18% Space Free | Partition Type: NTFS

Computer Name: XPHOMEPC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe" = C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm) -- (Electronic Arts Inc.)
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe" = C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault -- (Electronic Arts Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}" = Brother MFL-Pro Suite
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
"{6A604678-4B8E-4E76-B50E-EC25E42B09E5}" = ZIP RAR ACE Password Recovery
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77C84C38-E592-4A33-AB99-FA524120452F}" = Ad-Aware
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{998F2DE0-3128-43B7-9A1C-D85A339659A9}" = oRipa MSN Webcam Recorder2.0.1
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EF3E420F-2DCF-4C24-8E37-896801901033}" = Nero 7 Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced RAR Password Recovery" = Advanced RAR Password Recovery (remove only)
"ATI Display Driver" = ATI Display Driver
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSA1100IS" = Canon PowerShot A1100 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Creative PD0620" = Creative WebCam Instant Driver (1.01.02.0729)
"Creative WebCam Center" = Creative WebCam Center
"Creative WebCam Instant User's Guide English" = Creative WebCam Instant User's Guide (English)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Download Manager" = Download Manager 2.3.10
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe
"Get Yahoo! Messenger" = Get Yahoo! Messenger
"GetRight_is1" = GetRight
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Money2006b" = Microsoft Money 2006
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureItPrem_v11" = Microsoft Digital Image Standard 2006
"PROSet" = Intel(R) Network Connections Drivers
"RAR Password Cracker" = RAR Password Cracker 4.12
"RealPlayer 15.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"Steam App 10" = Counter-Strike
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"VirtuaGirl_is1" = VirtuaGirl version 1.0.6.99

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/7/2011 12:54:54 AM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 9.4.6.252, faulting module msvcr80.dll, version 8.0.50727.6195, fault address 0x000046b4.

Error - 12/9/2011 12:24:10 AM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x03a953d2.

Error - 12/9/2011 12:24:50 AM | Computer Name = XPHOMEPC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/9/2011 8:15:03 PM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x6034a064.

Error - 12/11/2011 3:57:04 AM | Computer Name = XPHOMEPC | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 12/11/2011 1:44:12 PM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module divxdech264.ax, version 8.2.0.26, fault address 0x00036163.

Error - 12/11/2011 1:46:29 PM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module divxdech264.ax, version 8.2.0.26, fault address 0x00036163.

Error - 12/11/2011 1:46:56 PM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module divxdech264.ax, version 8.2.0.26, fault address 0x00036163.

Error - 12/11/2011 7:47:37 PM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 9.4.6.252, faulting module msvcr80.dll, version 8.0.50727.6195, fault address 0x000046b4.

Error - 12/11/2011 8:03:57 PM | Computer Name = XPHOMEPC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module divxdech264.ax, version 8.2.0.26, fault address 0x00036163.

[ System Events ]
Error - 12/11/2011 1:19:46 PM | Computer Name = XPHOMEPC | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register with DCOM within the required timeout.

Error - 12/11/2011 1:44:42 PM | Computer Name = XPHOMEPC | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register with DCOM within the required timeout.

Error - 12/11/2011 8:02:26 PM | Computer Name = XPHOMEPC | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register with DCOM within the required timeout.

Error - 12/11/2011 9:41:35 PM | Computer Name = XPHOMEPC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error - 12/11/2011 9:41:43 PM | Computer Name = XPHOMEPC | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error - 12/11/2011 9:47:14 PM | Computer Name = XPHOMEPC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error - 12/11/2011 10:02:57 PM | Computer Name = XPHOMEPC | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register with DCOM within the required timeout.

Error - 12/11/2011 10:09:00 PM | Computer Name = XPHOMEPC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error - 12/12/2011 9:16:40 AM | Computer Name = XPHOMEPC | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register with DCOM within the required timeout.

Error - 12/13/2011 2:31:32 AM | Computer Name = XPHOMEPC | Source = Microsoft Antimalware | ID = 1014
Description = %%860 has encountered an error trying to remove history of malware and other potentially unwanted software. Time: 11/13/2011 1:31:32 AM User: NT AUTHORITY\SYSTEM Error Code: 0x80070005 Error description: Access is denied.

< End of report >
snipes 0 Posted December 13, 2011

The Combofix log:

ComboFix 11-11-28.02 - User 11/28/2011 6:21.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3068.2327 [GMT -5:00]
Running from: c:\paul\Stuff\From Sites\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\fMwpcjPgnBH.exe
c:\documents and settings\All Users\Application Data\qUSTcS5IHSLWkM.exe
c:\documents and settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\documents and settings\User\Desktop\System Fix.lnk
c:\documents and settings\User\Start Menu\Programs\System Fix
c:\documents and settings\User\Start Menu\Programs\System Fix\System Fix.lnk
c:\documents and settings\User\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\program files\Shared
c:\program files\Shared\lib.sig
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-28 11:04 . 2011-11-28 11:04 28752 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\MpKsl71ec75e4.sys
2011-11-28 11:01 . 2011-11-28 11:01 28752 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\MpKslcb048975.sys
2011-11-28 10:50 . 2011-11-28 10:50 28752 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\MpKsl11b2d597.sys
2011-11-28 10:49 . 2011-11-28 11:03 56200 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\offreg.dll
2011-11-28 10:49 . 2011-10-07 03:48 6668624 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2006-02-01 17:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2010-10-17 09:56 6668624 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2004-10-01 20:00 . 2006-02-01 19:15 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-08 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" [2007-01-18 303104]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-16 16384512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-14 1040384]
"SetDefPrt"="c:\program files\Brother\Brmfl04b\BrStDvPt.exe" [2010-08-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-21 274608]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-10-27 815104]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-01-16 01:10 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-01-16 01:10 16384512 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 18:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"igndlm.exe"=c:\program files\Download Manager\DLM.exe /windowsstart /startifwork
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"ControlCenter2.0"=c:\program files\Brother\ControlCenter2\brctrcen.exe /autorun
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 MpKsl11b2d597;MpKsl11b2d597;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\MpKsl11b2d597.sys [11/28/2011 5:50 AM 28752]
R1 MpKsl71ec75e4;MpKsl71ec75e4;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\MpKsl71ec75e4.sys [11/28/2011 6:04 AM 28752]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [10/20/2009 2:31 AM 149600]
S1 MpKslcb048975;MpKslcb048975;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\MpKslcb048975.sys [11/28/2011 6:01 AM 28752]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/27/2011 4:31 PM 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/15/2010 10:23 PM 94880]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/27/2011 4:31 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 7:00 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL71EC75E4
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-11-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-13 04:52]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 21:31]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 21:31]
.
2011-11-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2011-11-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-11-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
TCP: DhcpNameServer = 64.71.255.198
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-fMwpcjPgnBH.exe - c:\documents and settings\All Users\Application Data\fMwpcjPgnBH.exe
MSConfigStartUp-Microsoft Location Finder - c:\program files\Microsoft Location Finder\LocationFinder.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
AddRemove-vghd - c:\documents and settings\User\Start Menu\Programs\VirtuaGirl\uninstall.lnk
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-28 06:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\User\LOCALS~1\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3848946577-2371322978-3439528459-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:69,49,e2,b9,30,c2,df,fa,bb,0d,6f,eb,43,56,fd,70,fa,d1,16,ac,cb,1c,a3,
 b0,f4,56,0c,93,c2,57,17,ef,3e,9f,cc,ab,5f,b8,27,57,b5,66,ee,f6,71,57,2b,fa,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-3848946577-2371322978-3439528459-1004\Software\SecuROM\License information*]
"datasecu"=hex:ef,0b,23,59,e1,bc,4f,af,8f,16,99,14,b0,5d,93,23,08,2a,fa,1c,29,
 13,af,20,b7,e3,b2,a6,35,57,84,d3,f4,6f,5b,32,c1,dd,cc,5d,a8,25,6c,03,05,7b,\
"rkeysecu"=hex:8a,08,2b,5b,b4,d9,0a,0c,f7,53,19,a6,13,7f,4f,13
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696) c:\windows\system32\Ati2evxx.dll c:\windows\system32\COMRes.dll . Completion time: 2011-11-28 06:28:46 ComboFix-quarantined-files.txt 2011-11-28 11:28 . Pre-Run: 22,214,918,144 bytes free Post-Run: 30,022,045,696 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 6CED48A75995DE7B9DFE7DB14DB9FC21 Share this post Link to post Share on other sites
CeciliaB 478 Posted December 13, 2011

1. Uninstall "J2SE Runtime Environment 5.0 Update 6" since it is a very old version of Java with many vulnerabilities, which makes it easy to infect the computer from a web page.

2. Have you noticed that files or folders have disappeared, for example from desktop or start menu? It is rather common with "System Fix" infection.

3. The infection has changed some proxy settings. Please, check that they are correct:
Control panel - Internet Options - Connections - LAN settings
Click on Advanced
Remove content in such a way that all fields belonging to the header "Servers" are empty.
Click OK
If there is anything in the field Address, remove it.
Uncheck "Use a proxy server..."
Firefox - Tools - Properties - Advanced - Network - Settings
Select "No proxy".

4. Save TDSSKiller on the Desktop: [url=http://support.kaspersky.com/downloads/utils/tdsskiller.zip]http://support.kaspersky.com/downloads/utils/tdsskiller.zip[/url]
Right-click and select [b]Extract all[/b]. Remember the location of the extracted file.
Turn off all programs.
Run the program TDSSKiller.exe which is the file you extracted.
Click on [b]Start Scan[/b].
If any threats are found select [b]Cure[/b] and click [b]Continue[/b].
If [b]Cure[/b] isn't available select [b]Skip[/b]. Do NOT select Quarantine or Delete.
The computer might need a restart.
Paste the content of the TDSSKiller log which is located in the folder C:\ with the name TDSSKiller followed by version and time.
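As an added example (not code from this thread or from any of the tools used in it), a Python script that audits a Firefox prefs.js for the two things ComboFix reported in this profile: a manual proxy pointing at 127.0.0.1:50370 and overridden search preferences. The sample prefs.js inside is constructed to mirror those log entries; the extra keys it checks (network.proxy.ssl/ftp/socks, network.proxy.autoconfig_url, browser.search.defaultenginename, browser.startup.homepage) are standard Firefox preference names, and prefs.js.BAK is included because ESET later flagged it alongside prefs.js.

```python
import re
import sys
from ipaddress import ip_address
from pathlib import Path

# Constructed sample prefs.js, mirroring the entries ComboFix listed for the
# profile above (127.0.0.1:50370 manual proxy, overridden search settings).
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Secure Search");
user_pref("keyword.URL", "http://search.yahoo.com/search?fr=mcafee&p=");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 50370);
user_pref("network.proxy.type", 1);
'''

# One user_pref("key", value); line; the value is a quoted string, an int or a bool.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Preferences hijackers commonly rewrite. A value here is not proof of compromise
# (McAfee SiteAdvisor legitimately sets "Secure Search"); the owner confirms each one.
SEARCH_KEYS = ("keyword.URL", "browser.search.selectedEngine",
               "browser.search.defaultenginename", "browser.startup.homepage")


def parse_prefs(text):
    """Return {key: value} for every user_pref line; other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw  # unknown literal, kept verbatim
    return prefs


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def audit_prefs(prefs):
    """Return a list of findings; an empty list means nothing to review."""
    findings = []
    ptype = prefs.get("network.proxy.type")
    if ptype == 1:  # manual proxy configuration
        for scheme in ("http", "ssl", "ftp", "socks"):
            host = prefs.get(f"network.proxy.{scheme}")
            if not host:
                continue
            port = prefs.get(f"network.proxy.{scheme}_port", "?")
            loop = is_loopback(str(host))
            findings.append({
                "key": f"network.proxy.{scheme}", "value": f"{host}:{port}",
                "loopback": loop,
                "note": "proxy points at a local listener; identify that process"
                        if loop else "manual proxy; confirm you configured it"})
    elif ptype == 2:  # automatic proxy configuration (PAC) script
        findings.append({
            "key": "network.proxy.autoconfig_url", "loopback": False,
            "value": str(prefs.get("network.proxy.autoconfig_url", "")),
            "note": "PAC script in use; confirm its origin"})
    for key in SEARCH_KEYS:
        if key in prefs:
            findings.append({"key": key, "value": str(prefs[key]), "loopback": False,
                             "note": "search/start-page override; confirm it is yours"})
    return findings


def audit_text(text):
    return audit_prefs(parse_prefs(text))


def audit_profile(profile_dir):
    """Audit prefs.js and its backup; ESET flagged both files in this thread."""
    results = {}
    for name in ("prefs.js", "prefs.js.BAK"):
        p = Path(profile_dir) / name
        if p.is_file():
            results[name] = audit_text(p.read_text(encoding="utf-8", errors="replace"))
    return results


if __name__ == "__main__":
    report = (audit_profile(sys.argv[1]) if len(sys.argv) > 1
              else {"sample prefs.js (constructed)": audit_text(SAMPLE_PREFS_JS)})
    for name, findings in report.items():
        print(f"== {name}: {len(findings)} item(s) to review")
        for f in findings:
            print(f"  {'LOOPBACK ' if f['loopback'] else ''}{f['key']} = {f['value']}  ({f['note']})")
```

Run it with the profile directory (the ProfilePath from the ComboFix log) as the only argument; with no argument it audits the constructed sample.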
snipes 0 Posted December 14, 2011

1. I uninstalled J2SE.
2. I had to manually unhide folders and restore my start menu and desktop icons.
3. I didn't have an "Advanced" option under LAN settings, but I did uncheck the box for "Use a proxy server..."
4. Here is the TDSSKiller log:

22:22:19.0972 8424 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
22:22:20.0206 8424 ============================================================
22:22:20.0206 8424 Current date / time: 2011/12/13 22:22:20.0206
22:22:20.0206 8424 SystemInfo:
22:22:20.0206 8424
22:22:20.0206 8424 OS Version: 5.1.2600 ServicePack: 3.0
22:22:20.0206 8424 Product type: Workstation
22:22:20.0206 8424 ComputerName: XPHOMEPC
22:22:20.0206 8424 UserName: User
22:22:20.0206 8424 Windows directory: C:\WINDOWS
22:22:20.0206 8424 System windows directory: C:\WINDOWS
22:22:20.0206 8424 Processor architecture: Intel x86
22:22:20.0206 8424 Number of processors: 2
22:22:20.0206 8424 Page size: 0x1000
22:22:20.0206 8424 Boot type: Normal boot
22:22:20.0206 8424 ============================================================
22:22:22.0347 8424 Initialize success
22:22:48.0644 4172 ============================================================
22:22:48.0644 4172 Scan started
22:22:48.0644 4172 Mode: Manual;
22:22:48.0644 4172 ============================================================
[driver-by-driver enumeration and MBR/boot-sector hash lines omitted]
22:22:55.0456 4172 ============================================================
22:22:55.0456 4172 Scan finished
22:22:55.0456 4172 ============================================================
22:22:55.0472 8840 Detected object count: 0
22:22:55.0472 8840 Actual detected object count: 0
CeciliaB 478 Posted December 14, 2011

2. Please, read http://www.bleepingcomputer.com/forums/topic405109.html

To be as sure as possible that the computer is clean, run the following two programs:

1. Please, let aswMBR scan the computer, see http://public.avast.com/~gmerek/aswMBR.htm
Follow only the first section, "How to scan", and don't try to fix anything.
Post its log.

2. Run an online scan with Eset http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.
Un-check "Remove found threats"
Check "Scan Archives"
Click "Advanced Settings"
Check:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Click Scan
When the scan completes the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and paste its content in your answer.
snipes 0 Posted December 15, 2011

I read the post on Unhide.exe and ran the program; it says it worked. I was unable to get to the aswMBR page; the link you gave did not work. Here is the log.txt from ESET:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6a0dec90dd51bc45889abeb8b3c9d34d
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-15 07:13:26
# local_time=2011-12-15 02:13:26 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776533 42 87 0 19856031 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=369234
# found=2
# cleaned=0
# scan_time=8446
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\prefs.js	Win32/Agent.RQD.Gen trojan (unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\prefs.js.BAK
CeciliaB Posted December 15, 2011

Sorry, that link looks strange after posting. New try: http://public.avast.com/~gmerek/aswMBR.htm

Delete the ComboFix you have and download a new version. See http://www.bleepingcomputer.com/combofix/how-to-use-combofix for installing and running ComboFix. Paste the content of the log into your answer.

Paste a fresh OTL.txt, too.
snipes Posted December 16, 2011

Here is the aswMBR log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-15 23:38:17
-----------------------------
23:38:17.437 OS Version: Windows 5.1.2600 Service Pack 3
23:38:17.437 Number of processors: 2 586 0x170A
23:38:17.437 ComputerName: XPHOMEPC UserName: User
23:38:18.421 Initialize success
23:39:13.515 AVAST engine defs: 11121502
23:39:24.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-10
23:39:24.515 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3
23:39:24.515 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-1d
23:39:24.531 Disk 1 Vendor: WDC_WD2500JS-41MVB1 10.02E01 Size: 238475MB BusType: 3
23:39:24.640 Disk 2 \Device\Harddisk2\DR4 -> \Device\Sbp2\WD&My Book&0&0090a97a_62d92c23_Instance00
23:39:24.656 Disk 2 Vendor: WD______ 1028 Size: 953869MB BusType: 4
23:39:26.734 Disk 0 MBR read successfully
23:39:26.750 Disk 0 MBR scan
23:39:26.765 Disk 0 Windows XP default MBR code
23:39:26.781 Disk 0 scanning sectors +976768065
23:39:26.875 Disk 0 scanning C:\WINDOWS\system32\drivers
23:39:42.843 Service scanning
23:39:43.281 Service MpKsl80616ebd C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24A297BD-8662-4651-AAF2-6E28B893F6BF}\MpKsl80616ebd.sys **LOCKED** 32
23:39:44.437 Modules scanning
23:39:48.437 Disk 0 trace - called modules:
23:39:48.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
23:39:48.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af44ab8]
23:39:48.531 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-10[0x8af41d98]
23:39:49.687 AVAST engine scan C:\WINDOWS
23:40:11.218 AVAST engine scan C:\WINDOWS\system32
23:42:36.328 AVAST engine scan C:\WINDOWS\system32\drivers
23:42:59.890 AVAST engine scan C:\Documents and Settings\User
23:48:47.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
23:48:47.140 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"
CeciliaB Posted December 16, 2011

How is it going with ComboFix and OTL?
snipes 0 Report post Posted December 17, 2011 Here is the Combofix log: ComboFix 11-12-15.02 - User 12/16/2011 0:20.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3068.2185 [GMT -5:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 ))))))))))))))))))))))))))))))) . . 2011-12-16 03:34 . 2011-12-16 03:34 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24A297BD-8662-4651-AAF2-6E28B893F6BF}\MpKsl80616ebd.sys 2011-12-16 03:34 . 2011-12-16 03:34 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24A297BD-8662-4651-AAF2-6E28B893F6BF}\offreg.dll 2011-12-16 03:34 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24A297BD-8662-4651-AAF2-6E28B893F6BF}\mpengine.dll 2011-12-15 04:50 . 2011-12-15 04:50 -------- d-----w- c:\program files\ESET 2011-12-11 13:17 . 2011-12-11 06:32 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-12-11 06:32 . 2011-12-11 06:32 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-12-11 06:30 . 2011-12-02 12:49 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-12-11 06:30 . 2011-12-11 06:30 -------- d-----w- c:\program files\Lavasoft 2011-12-11 06:30 . 2011-12-11 06:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2011-12-10 20:01 . 2011-12-10 20:01 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll 2011-12-10 20:01 . 
2011-12-10 20:01 -------- d-----w- c:\program files\Common Files\xing shared 2011-12-10 20:01 . 2011-12-10 20:01 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll 2011-12-10 20:01 . 2011-12-10 20:01 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll 2011-12-10 19:43 . 2011-12-10 19:43 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Real 2011-12-10 19:41 . 2011-12-11 06:20 -------- d-----w- c:\windows\SxsCaPendDel . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-10 20:00 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-11-21 10:47 . 2010-10-17 09:56 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-10-10 14:22 . 2006-02-01 17:42 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2004-10-01 20:00 . 2006-02-01 19:15 40960 ----a-w- c:\program files\Uninstall_CDS.exe . . ((((((((((((((((((((((((((((( [email="[email protected]_11.26.23"][email protected]_11.26.23[/email] ))))))))))))))))))))))))))))))))))))))))) . + 2011-12-11 06:30 . 2011-12-02 12:49 64512 c:\windows\system32\DRVSTORE\lbd_69523D0F7F903BDB477CD80CFD35086362532B23\Lbd.sys + 2011-12-10 20:01 . 2011-12-10 20:01 18944 c:\windows\Installer\5481c.msi + 2011-12-10 20:00 . 2011-12-10 20:00 92672 c:\windows\Installer\5480f.msi + 2011-12-10 19:45 . 2011-12-10 19:45 22016 c:\windows\Installer\5478f.msi + 2011-12-10 20:01 . 2011-12-10 20:01 5632 c:\windows\system32\pndx5032.dll - 2010-12-21 10:06 . 
2010-12-21 10:06 5632 c:\windows\system32\pndx5032.dll + 2011-12-10 20:01 . 2011-12-10 20:01 6656 c:\windows\system32\pndx5016.dll - 2010-12-21 10:06 . 2010-12-21 10:06 6656 c:\windows\system32\pndx5016.dll + 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll + 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll + 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll + 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll + 2009-07-12 03:11 . 2009-07-12 03:11 624448 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcr90.dll + 2009-07-12 03:11 . 2009-07-12 03:11 853312 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcp90.dll + 2009-07-12 03:14 . 2009-07-12 03:14 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcm90.dll + 2009-07-12 03:11 . 2009-07-12 03:11 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2\atl90.dll + 2011-12-10 20:01 . 2011-12-10 20:01 198832 c:\windows\system32\rmoc3260.dll - 2010-12-21 10:06 . 2010-12-21 10:06 272896 c:\windows\system32\pncrt.dll + 2011-12-10 20:01 . 2011-12-10 20:01 272896 c:\windows\system32\pncrt.dll + 2011-12-11 06:30 . 2011-12-11 06:30 7265280 c:\windows\Installer\73b09.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "Steam"="c:\program files\Steam\Steam.exe" [2011-08-08 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"="sttray.exe" [2007-01-18 303104] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664] "RTHDCPL"="RTHDCPL.EXE" [2008-01-16 16384512] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-14 1040384] "SetDefPrt"="c:\program files\Brother\Brmfl04b\BrStDvPt.exe" [2010-08-19 49152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-10 296056] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . 
c:\documents and settings\All Users\Start Menu\Programs\Startup\ Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [N/A] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-10-27 815104] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2008-01-16 01:10 69632 ------r- c:\windows\Alcmtr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2008-01-16 01:10 16384512 ------r- c:\windows\RTHDCPL.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "igndlm.exe"=c:\program files\Download Manager\DLM.exe /windowsstart /startifwork "ctfmon.exe"=c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" "PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC "PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName "MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 "ControlCenter2.0"=c:\program files\Brother\ControlCenter2\brctrcen.exe /autorun . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"= "c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/11/2011 1:30 AM 64512] R1 MpKsl80616ebd;MpKsl80616ebd;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24A297BD-8662-4651-AAF2-6E28B893F6BF}\MpKsl80616ebd.sys [12/15/2011 10:34 PM 29904] R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [10/20/2009 2:31 AM 149600] S1 MpKslcb048975;MpKslcb048975;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\MpKslcb048975.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE76464F-4AC1-41B0-A904-2BD19FB8A257}\MpKslcb048975.sys [?] 
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/27/2011 4:31 PM 136176] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2011 7:49 AM 2152152] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/15/2010 10:23 PM 94880] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/27/2011 4:31 PM 136176] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232] S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 7:00 AM 14336] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ASWMBR *NewlyCreated* - MPKSL80616EBD *Deregistered* - aswMBR . Contents of the 'Scheduled Tasks' folder . 2011-12-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-02 06:32] . 2011-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57] . 2011-12-16 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-13 04:52] . 2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 21:31] . 2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-27 21:31] . 2011-12-15 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39] . 2011-12-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14] . 
2011-12-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm TCP: DhcpNameServer = 64.71.255.198 FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 50370 FF - prefs.js: network.proxy.type - 1 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - ORPHANS REMOVED - - - - . MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_06\bin\jusched.exe AddRemove-RealPlayer 15.0 - c:\program files\Real\RealPlayer\Update\r1puninst.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2011-12-16 00:24 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3848946577-2371322978-3439528459-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:69,49,e2,b9,30,c2,df,fa,bb,0d,6f,eb,43,56,fd,70,fa,d1,16,ac,cb,1c,a3, b0,f4,56,0c,93,c2,57,17,ef,3e,9f,cc,ab,5f,b8,27,57,b5,66,ee,f6,71,57,2b,fa,\ "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d . [HKEY_USERS\S-1-5-21-3848946577-2371322978-3439528459-1004\Software\SecuROM\License information*] "datasecu"=hex:ef,0b,23,59,e1,bc,4f,af,8f,16,99,14,b0,5d,93,23,08,2a,fa,1c,29, 13,af,20,b7,e3,b2,a6,35,57,84,d3,f4,6f,5b,32,c1,dd,cc,5d,a8,25,6c,03,05,7b,\ "rkeysecu"=hex:8a,08,2b,5b,b4,d9,0a,0c,f7,53,19,a6,13,7f,4f,13 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(720) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(5328) c:\windows\system32\WININET.dll c:\progra~1\mcafee\SITEAD~1\saHook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-12-16 00:26:53 ComboFix-quarantined-files.txt 2011-12-16 05:26 ComboFix2.txt 2011-12-13 21:37 . Pre-Run: 26,376,257,536 bytes free Post-Run: 27,262,976,000 bytes free . 
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 6E9C1644842621024FC9C60028587118
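The prefs.js tampering that ESET flagged and the ComboFix log above lists (a manual proxy to 127.0.0.1 on port 50370, the selected search engine changed to "Secure Search", keyword.URL rewritten) can be checked mechanically; the following is an added Python example, not part of this thread or of any Lavasoft, ESET or ComboFix tooling. The sample prefs.js content and the KNOWN_ENGINES allowlist are constructed assumptions.

```python
import re
from typing import Dict, List, Union

Pref = Union[str, int, bool]

# Constructed sample prefs.js (not the user's real file). The values mirror
# the "FF - prefs.js" lines reported in the ComboFix log: loopback proxy on
# port 50370, search engine and keyword.URL rewritten, plus one benign pref.
SAMPLE_PREFS_JS = """
# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Secure Search");
user_pref("keyword.URL", "http://search.yahoo.com/search?fr=mcafee&p=");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 50370);
user_pref("network.proxy.type", 1);
user_pref("browser.startup.homepage", "http://www.google.com/");
"""

# Assumed allowlist of engine names a stock Firefox of that era shipped with;
# replace with the baseline you expect on your own machines.
KNOWN_ENGINES = {"Google", "Yahoo", "Bing", "Wikipedia (en)", "Amazon.com", "eBay"}

# One user_pref("name", value); line. The value is a quoted string, an
# integer or true/false.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text: str) -> Dict[str, Pref]:
    """Parse user_pref(...) lines into a dict; other lines are ignored."""
    prefs: Dict[str, Pref] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def find_hijack_indicators(prefs: Dict[str, Pref]) -> List[str]:
    """Return human-readable findings for the settings this thread's logs show."""
    findings: List[str] = []
    # network.proxy.type 1 is "manual proxy configuration". Pointing it at the
    # loopback address means every HTTP request first passes through some
    # local process; the port is reported so the listener can be identified.
    if prefs.get("network.proxy.type") == 1:
        host = prefs.get("network.proxy.http", "")
        port = prefs.get("network.proxy.http_port")
        if host in ("127.0.0.1", "localhost", "::1"):
            findings.append(f"manual HTTP proxy to loopback {host}:{port}")
    # A default engine outside the baseline is how "Secure Search" showed up.
    engine = prefs.get("browser.search.selectedEngine")
    if engine and engine not in KNOWN_ENGINES:
        findings.append(f"default search engine changed to {engine!r}")
    # keyword.URL redirects address-bar keyword searches; it is normally unset.
    if "keyword.URL" in prefs:
        findings.append(f"keyword.URL set: {prefs['keyword.URL']}")
    return findings


def scan_prefs_text(text: str) -> List[str]:
    """Convenience wrapper: parse prefs.js content and return the findings."""
    return find_hijack_indicators(parse_prefs(text))


if __name__ == "__main__":
    for finding in scan_prefs_text(SAMPLE_PREFS_JS):
        print("FINDING:", finding)
```

Point scan_prefs_text at the content of a profile's prefs.js to run it on a real file; an empty list means none of these three indicators is present.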
snipes 0 Report post Posted December 17, 2011 Here is the OTL Log: OTL logfile created on: 12/17/2011 3:35:10 PM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 20.57% Memory free 4.25 Gb Paging File | 2.16 Gb Available in Paging File | 50.96% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 465.76 Gb Total Space | 24.43 Gb Free Space | 5.25% Space Free | Partition Type: NTFS Drive E: | 232.88 Gb Total Space | 32.93 Gb Free Space | 14.14% Space Free | Partition Type: NTFS Drive F: | 931.51 Gb Total Space | 579.18 Gb Free Space | 62.18% Space Free | Partition Type: NTFS Computer Name: XPHOMEPC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Real\realplayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.) 
[color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\WINDOWS\system32\quartz.dll () MOD - C:\WINDOWS\system32\qcap.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\devenum.dll () [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (AppMgmt) -- File not found SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.) SRV - (brmfrmps) -- C:\WINDOWS\System32\Brmfrmps.exe (Brother Industries, Ltd.) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (catchme) -- File not found DRV - (MpKslc0149f27) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38CBD794-487A-4CF1-8A42-0576BC047793}\MpKslc0149f27.sys (Microsoft Corporation) DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.) 
DRV - (e1kexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1k5132.sys (Intel Corporation) DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation) DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc) DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (PD0620VID) -- C:\WINDOWS\system32\drivers\P0620Vid.sys (Creative Technology Ltd.) DRV - (SMBios) Intel (R) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.com/"]http://www.google.com/[/url] IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Secure Search" FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..keyword.URL: "[url="http://search.yahoo.com/search?fr=mcafee&p"]http://search.yahoo.com/search?fr=mcafee&p[/url]=" FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 50370 FF - prefs.js..network.proxy.type: 1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/23 14:49:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/10 15:01:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/10 15:01:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/10 15:01:35 | 000,000,000 | ---D | M] [2009/10/24 05:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions [2011/11/19 16:47:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\extensions [2010/01/07 15:35:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eyycxugt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/11/19 16:47:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/11/08 21:19:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/12/10 15:01:19 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2011/11/23 14:49:39 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2011/11/25 23:36:09 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml 
[color=#E56717]========== Chrome ==========[/color] CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\ O1 HOSTS File: ([2011/11/28 06:26:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe (Brother Industories, Ltd.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm () O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} [url="http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab"]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab[/url] (CDownloadCtrl Object) O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} [url="http://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB"]http://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB[/url] (CTAdjust Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [url="http://download.eset.com/special/eos/OnlineScanner.cab"]http://download.eset.com/special/eos/OnlineScanner.cab[/url] (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/url] (Shockwave Flash Object) O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} [url="http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab"]http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab[/url] (CTAdjust Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/url] (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7D8B73F-953C-4EA5-88F0-F60B146891A1}: DhcpNameServer = 64.71.255.198 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/02/01 12:45:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005/12/18 12:26:53 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/12/16 00:26:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2011/12/16 00:17:44 | 000,000,000 | RHSD | C] -- C:\cmdcons [2011/12/16 00:15:58 | 000,000,000 | ---D 
| C] -- C:\ComboFix [2011/12/16 00:07:58 | 004,340,692 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe [2011/12/14 23:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011/12/13 22:22:05 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe [2011/12/13 22:19:29 | 000,000,000 | ---D | C] -- C:\Config.Msi [2011/12/11 12:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Skypehist [2011/12/11 01:32:10 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2011/12/11 01:30:15 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2011/12/11 01:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2011/12/11 01:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft [2011/12/11 01:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2011/12/11 01:27:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe [2011/12/10 15:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2011/12/10 15:01:10 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2011/12/10 15:01:03 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2011/12/10 15:01:03 | 000,005,632 | ---- | C] (RealNetworks, Inc.) 
-- C:\WINDOWS\System32\pndx5032.dll [2011/12/10 15:01:02 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2011/12/10 15:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real [2011/12/10 14:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Real [2011/12/10 14:41:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel [2011/11/28 06:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\New Folder [2011/11/28 06:16:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2011/11/28 06:16:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2011/11/28 06:16:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2011/11/28 06:16:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2011/11/28 06:16:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011/11/28 06:15:36 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/11/28 06:15:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Administrative Tools [2011/11/28 06:14:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Recent [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/12/17 15:33:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011/12/17 14:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/12/17 14:50:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/12/17 14:41:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job [2011/12/16 07:22:26 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2011/12/16 01:51:05 | 000,001,813 | 
---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2011/12/16 00:17:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2011/12/15 23:48:47 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat [2011/12/15 21:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/12/14 22:33:06 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/12/14 22:28:21 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011/12/14 22:27:59 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3848946577-2371322978-3439528459-1004.job [2011/12/14 22:27:43 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/12/14 22:27:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/12/14 22:27:40 | 000,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2011/12/14 01:30:59 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2011/12/14 01:30:59 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2011/12/11 21:04:07 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011/12/11 12:46:25 | 000,142,336 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/11 01:32:10 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2011/12/11 01:32:09 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2011/12/11 01:30:18 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2011/12/10 15:01:31 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk [2011/12/10 15:01:10 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2011/12/10 15:01:03 | 000,006,656 | ---- | M] (RealNetworks, Inc.) 
-- C:\WINDOWS\System32\pndx5016.dll [2011/12/10 15:01:03 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2011/12/10 15:01:02 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2011/12/10 14:40:35 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/12/02 21:57:02 | 000,016,958 | ---- | M] () -- C:\Documents and Settings\User\Desktop\303065_980052305768_60715446_40881510_669875230_n.jpg [2011/12/02 07:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2011/11/28 06:26:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/11/28 06:18:26 | 000,000,327 | ---- | M] () -- C:\Boot.bak [2011/11/28 06:08:22 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM [2011/11/28 06:08:22 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkMr [2011/11/28 06:04:30 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\qUSTcS5IHSLWkM [2011/11/21 05:45:29 | 000,001,104 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2011/11/21 05:43:38 | 000,000,007 | ---- | M] () -- C:\WINDOWS\treeskp.sys [2011/11/21 05:43:38 | 000,000,007 | ---- | M] () -- C:\WINDOWS\sbacknt.bin [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/12/15 23:48:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat [2011/12/14 01:30:59 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011/12/14 01:30:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011/12/13 22:21:42 | 001,557,791 | ---- | C] () -- C:\Documents and 
Settings\User\Desktop\tdsskiller.zip [2011/12/11 08:17:02 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2011/12/11 01:30:24 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011/12/11 01:30:18 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2011/12/10 15:01:31 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk [2011/12/10 14:40:35 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/12/02 21:57:08 | 000,016,958 | ---- | C] () -- C:\Documents and Settings\User\Desktop\303065_980052305768_60715446_40881510_669875230_n.jpg [2011/11/28 06:23:44 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk [2011/11/28 06:23:44 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk [2011/11/28 06:23:44 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011/11/28 06:23:32 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk [2011/11/28 06:23:31 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk [2011/11/28 06:23:31 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk [2011/11/28 06:23:31 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk [2011/11/28 06:23:31 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk [2011/11/28 06:23:31 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security 
Essentials.lnk [2011/11/28 06:23:31 | 000,001,004 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2006.lnk [2011/11/28 06:23:30 | 000,002,379 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk [2011/11/28 06:23:30 | 000,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk [2011/11/28 06:23:30 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2011/11/28 06:23:30 | 000,002,030 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZIP RAR ACE Password Recovery.lnk [2011/11/28 06:23:30 | 000,001,620 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/11/28 06:23:30 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2011/11/28 06:23:30 | 000,001,083 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Command & Conquer 3 Kane's Wrath.lnk [2011/11/28 06:23:30 | 000,000,981 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2011/11/28 06:23:30 | 000,000,975 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Command & Conquer 3 Tiberium Wars.lnk [2011/11/28 06:23:30 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk [2011/11/28 06:23:30 | 000,000,815 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/11/28 06:23:30 | 000,000,800 | R--- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2011/11/28 06:23:30 | 000,000,079 | R--- | C] () -- C:\Documents and Settings\User\Application 
Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2011/11/28 06:23:29 | 000,002,010 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative WebCam Center.lnk [2011/11/28 06:23:29 | 000,001,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative Product Registration.lnk [2011/11/28 06:23:29 | 000,001,967 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP560 series On-screen Manual.lnk [2011/11/28 06:23:29 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2011/11/28 06:23:29 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Medal of Honor Pacific Assault(tm).lnk [2011/11/28 06:23:29 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Command & Conquer™ Red Alert™ 3.lnk [2011/11/28 06:23:29 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.0.lnk [2011/11/28 06:23:29 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk [2011/11/28 06:23:29 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2011/11/28 06:23:29 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Works.lnk [2011/11/28 06:23:29 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP560 series User Registration.LNK [2011/11/28 06:23:29 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk [2011/11/28 06:23:29 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk [2011/11/28 06:23:29 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk [2011/11/28 06:23:29 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2011/11/28 06:23:29 | 000,001,599 | ---- | C] () -- 
C:\Documents and Settings\All Users\Desktop\Medal of Honor Allied Assault.lnk [2011/11/28 06:23:29 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2011/11/28 06:23:29 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GetRight.lnk [2011/11/28 06:23:29 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk [2011/11/28 06:23:29 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk [2011/11/28 06:23:29 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Download Manager.lnk [2011/11/28 06:18:26 | 000,000,327 | ---- | C] () -- C:\Boot.bak [2011/11/28 06:18:22 | 000,260,272 | RHS- | C] () -- C:\cmldr [2011/11/28 06:16:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011/11/28 06:16:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/11/28 06:16:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/11/28 06:16:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/11/28 06:16:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/11/28 06:08:22 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkMr [2011/11/28 06:08:21 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM [2011/11/28 06:04:09 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qUSTcS5IHSLWkM [2011/08/01 15:47:27 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2011/08/01 15:47:27 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini [2010/09/15 03:44:49 | 000,000,007 | ---- | C] () -- C:\WINDOWS\treeskp.sys [2010/09/15 03:44:49 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin [2010/02/09 04:19:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\UniFISH.exe [2009/12/18 04:47:54 | 000,000,898 | ---- | C] () -- C:\WINDOWS\ARPR.INI [2009/11/18 18:04:18 | 000,000,078 | ---- | C] 
() -- C:\WINDOWS\cdplayer.ini [2009/10/29 04:27:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini [2009/10/27 04:40:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2009/10/27 04:40:28 | 000,000,419 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2009/10/27 04:40:28 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2009/10/27 04:40:28 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2009/10/27 04:40:28 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2009/10/27 04:40:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat [2009/10/27 04:40:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2009/10/24 05:29:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/10/23 17:18:36 | 000,071,760 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009/10/20 01:44:58 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/10/20 01:44:58 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/10/20 01:42:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/10/20 01:03:42 | 000,142,336 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/19 18:57:27 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\User\Application Data\wklnhst.dat [2009/10/19 14:41:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2009/10/19 14:41:16 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2009/10/19 14:41:15 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2009/10/08 23:57:57 | 000,417,344 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin [2009/10/08 23:57:56 | 000,982,192 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin [2009/10/08 23:54:54 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2009/04/03 14:09:26 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll [2009/02/18 12:55:20 | 000,294,912 | ---- | C] () -- 
C:\WINDOWS\System32\ATIODE.exe [2009/02/03 15:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2006/02/01 15:04:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/02/01 14:29:45 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006/02/01 14:28:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/02/01 14:15:41 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe [2006/02/01 13:25:05 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2006/02/01 13:22:44 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2006/02/01 13:22:39 | 000,188,348 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2006/02/01 12:48:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006/02/01 12:42:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006/02/01 04:32:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006/02/01 04:29:29 | 000,332,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/04 07:00:00 | 000,444,794 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/04 07:00:00 | 000,072,544 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/08/04 07:00:00 | 000,000,741 | ---- | C] () 
-- C:\WINDOWS\System32\noise.dat [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [color=#E56717]========== LOP Check ==========[/color] [2011/01/04 17:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2011/08/01 15:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV [2011/03/16 21:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan [2010/08/07 14:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/10/19 16:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2011/03/16 21:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon [2011/01/04 17:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon Easy-WebPrint EX [2009/11/25 18:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Command & Conquer 3 Kane's Wrath [2009/11/04 20:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Command & Conquer 3 Tiberium Wars [2011/01/28 04:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRight [2010/04/17 03:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3 [2010/04/04 13:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Red Alert 3 Demo [2009/11/05 00:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Template [2010/09/15 03:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\vghd [2009/12/19 07:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ZIP RAR ACE Password Recovery [2011/12/14 22:28:21 | 000,000,486 | ---- | 
M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/12/14 22:33:06 | 000,000,424 | ---- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2011/01/25 09:20:52 | 000,021,504 | ---- | M] ()(C:\Documents and Settings\User\My Documents\???? ??????.doc) -- C:\Documents and Settings\User\My Documents\День ангела.doc
[2011/01/19 14:57:07 | 000,025,600 | ---- | M] ()(C:\Documents and Settings\User\My Documents\??.doc) -- C:\Documents and Settings\User\My Documents\мы.doc
[2011/01/15 18:12:54 | 000,021,504 | ---- | C] ()(C:\Documents and Settings\User\My Documents\???? ??????.doc) -- C:\Documents and Settings\User\My Documents\День ангела.doc
[2010/12/28 23:23:49 | 000,025,600 | ---- | C] ()(C:\Documents and Settings\User\My Documents\??.doc) -- C:\Documents and Settings\User\My Documents\мы.doc
[2010/07/12 12:22:55 | 000,022,528 | ---- | M] ()(C:\Documents and Settings\User\My Documents\??????????? ????.doc) -- C:\Documents and Settings\User\My Documents\могократная виза.doc
[2010/07/09 19:41:26 | 000,022,528 | ---- | C] ()(C:\Documents and Settings\User\My Documents\??????????? ????.doc) -- C:\Documents and Settings\User\My Documents\могократная виза.doc

< End of report >
CeciliaB 478 Report post Posted December 17, 2011

Please, close all programs including antivirus programs and other similar programs. Otherwise they might stop OTL. How? See http://www.bleepingcomputer.com/forums/topic114351.html

Start the program OTL. Copy all the lines in the box:

[code]
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2011/11/28 06:08:22 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM
[2011/11/28 06:08:22 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkMr
[2011/11/28 06:04:30 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\qUSTcS5IHSLWkM
:Commands
[CREATERESTOREPOINT]
[EMPTYTEMP]
[REBOOT]
[/code]

Paste them into the field Custom Scans/Fixes. Click on Run Fix. If you are asked to restart the computer, do that. Notepad will pop up with a log. Copy it and paste it into your answer. If it does not pop up, you can find it in the folder c:\_OTL\Moved Files; its name contains the date and time when OTL was run. Be sure that antivirus programs etc. are active before connecting to the internet. Do a full scan with Ad-Aware and if anything is found, please paste that log, too.
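The fix script in the post above picks three kinds of entries out of the OTL scan: O2 BHO lines whose CLSID no longer resolves, O16 DPF (ActiveX) lines that return registry errors, and files with random-looking names under All Users\Application Data. As an added example, not code from this thread, from OTL or from Lavasoft, here is a small Python triage script that applies the same selection rules to OTL-style log lines. The sample lines are constructed to mirror the log format seen in the thread, and the random-name heuristic (a digit present, several upper/lower-case switches, no file extension) is my own assumption, not an OTL rule.

```python
"""Triage helper for OTL-style log lines (added example, not part of OTL)."""
import re

# Constructed sample lines that mirror the OTL log format in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.5.0_06)
[2011/11/28 06:08:22 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM
[2011/11/28 06:18:26 | 000,000,327 | ---- | M] () -- C:\Boot.bak
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
# O2 - BHO: (name) - {CLSID} - <dll path or 'No CLSID value found.'>
BHO_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>" + CLSID + r") - (?P<target>.*)$")
# O16 - DPF: {CLSID} <codebase URL or 'Reg Error: ...'> (friendly name)
DPF_RE = re.compile(r"^O16 - DPF: (?P<clsid>" + CLSID + r") (?P<rest>.*)$")
# [timestamp | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\| (?P<size>[\d,]+) \| (?P<attrs>[^|]+)\| (?P<flag>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


def looks_random(filename):
    """Heuristic (assumption, not an OTL rule): a name with no extension,
    at least one digit and three or more upper/lower-case switches between
    adjacent letters looks machine-generated rather than human-chosen."""
    base = filename.lstrip("~")
    if "." in base or not re.fullmatch(r"[A-Za-z0-9]{10,}", base):
        return False
    has_digit = any(c.isdigit() for c in base)
    letters = [c for c in base if c.isalpha()]
    switches = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    return has_digit and switches >= 3


def triage(log_text):
    """Return (reason, identifier, original line) for every entry that the
    selection rules flag; lines that parse but look normal are skipped."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            # A BHO registration whose CLSID has no class entry is an orphan.
            if "No CLSID value found" in m.group("target"):
                findings.append(("orphaned BHO", m.group("clsid"), line))
            continue
        m = DPF_RE.match(line)
        if m:
            # Downloaded Program Files entries that no longer resolve in the registry.
            if "Reg Error" in m.group("rest"):
                findings.append(("broken ActiveX DPF", m.group("clsid"), line))
            continue
        m = FILE_RE.match(line)
        if m:
            name = m.group("path").rsplit("\\", 1)[-1]
            if looks_random(name):
                findings.append(("random-looking file name", name, line))
    return findings


if __name__ == "__main__":
    for reason, ident, line in triage(SAMPLE_LOG):
        print(f"{reason:26} {ident}")
```

Run against a full OTL.txt by replacing SAMPLE_LOG with the file contents; the three flagged categories correspond one-to-one to the lines the helper copied into the :OTL section, so the output is a starting point for review rather than an automatic fix list.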
snipes Posted December 18, 2011

Here is the OTL log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM moved successfully.
C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkMr moved successfully.
C:\Documents and Settings\All Users\Application Data\qUSTcS5IHSLWkM moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 12768 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: User
->Temp folder emptied: 21105 bytes
->Temporary Internet Files folder emptied: 314675317 bytes
->Java cache emptied: 776944 bytes
->FireFox cache emptied: 88434322 bytes
->Google Chrome cache emptied: 6322005 bytes
->Flash cache emptied: 281598 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 12996113 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32120 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 9868 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 406.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 12182011_140418
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\V387PV89\collegehumor.e0088093ce21eb5095e5017e54e17d1e[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\V387PV89\dot[1].gif not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\V387PV89\i3a[1].js not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\V387PV89\logCA4HNKAC.htm not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\V387PV89\logCAYFP4L4.htm not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\V387PV89\tops[1].js not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\273938_1343406536_541783836_q[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\372088_502316609_543885776_q[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\373378_126406450745685_1772439670_s[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\393440_258244987571236_171828799546189_742742_1517764592_a[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\5621205596[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\HPIM0190[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\HPIM0370[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\HPIM0387[2].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\HPIM0389[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\log[1].htm not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\TEUVUE8U\video_content;rating=pg13;ctype=video;referrer=collegehumor[1].com;video_id=6547456;tag=rap;tag=music;tag=complain;sz=728x91;tile=6;sec=video_content;ord=96627112 not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\0543b1c3a746d0a40f1ded6dee229dbc[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\0bce88c22c61979b8ad0f537d78edd78[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\1312321085-877201835[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\1312528024-9078559[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\1312832501-608995609[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\184x138-6882442[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\1985624[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\2720620378[1].html not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\273978_55202261_717339691_q[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\41009[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\cont_310_top[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\dailylinks[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\ETC121211AngelinaJolieBloodandHoneyOnline_220x130_2176087523[1].jpg not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\jquery.1.4.4.min[1].js not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\jquery.min[1].js not found!
File\Folder C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QMV5FGDT\top1_new[1].jpg not found!
Registry entries deleted on Reboot...
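A check a helper can run on the two posts above, added here as an example and not part of OTL or of this thread: feed the :OTL section of the fix script and the log OTL wrote back into a small script that confirms each requested CLSID or file shows up as deleted or moved, and lists anything OTL touched that the script never named (for a BHO entry whose CLSID key is already missing, "deleted successfully" on the Browser Helper Objects key plus "not found" on the CLSID key is the expected pair). The sample script and log are constructed from the posted ones: the E2883E8F DPF line gets a placeholder URL because the real one is truncated on the page, and the second BHO is deliberately left out of the sample log so the missing-action case shows.

```python
"""Reconcile an OTL custom fix script with the log OTL writes after Run Fix.

Added example for this thread; it is not part of OTL. It answers the question
a helper asks after a fix: was every item in the :OTL section acted on, and
did OTL move or delete anything the script did not name?
"""
import re
from collections import defaultdict

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# OTL file lines look like: [date | size | attrs | M] () -- C:\path
FILE_LINE_RE = re.compile(r"^\[[^\]]*\] \(\) -- (?P<path>.+)$")
REG_RESULT_RE = re.compile(
    r"^Registry key (?P<key>.+?)\\? (?P<status>deleted successfully|not found)\.$")
MOVE_RESULT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")

# Constructed sample modelled on the posted fix script. The gp.cab URL is a
# placeholder (the real one is truncated on the page).
FIX_SCRIPT = r"""
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://example.invalid/gp.cab (Reg Error: Key error.)
[2011/11/28 06:08:22 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM
:Commands
[CREATERESTOREPOINT]
[EMPTYTEMP]
[REBOOT]
"""

# Constructed result log modelled on the posted one; the {761497BB-...} BHO is
# left out on purpose so the "no action logged" case is exercised.
RESULT_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\All Users\Application Data\~qUSTcS5IHSLWkM moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
"""


def parse_fix_script(text):
    """(kind, ident) per :OTL line: the CLSID of an O2/O16 entry or the path of a file entry."""
    items, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):            # :OTL, :Commands, ... section headers
            section = line[1:].lower()
            continue
        if section != "otl" or not line:
            continue
        m = FILE_LINE_RE.match(line)
        if m:
            items.append(("file", m.group("path")))
            continue
        clsid = CLSID_RE.search(line)
        if clsid and line.startswith(("O2 ", "O16 ")):
            items.append(("registry", clsid.group(0).upper()))
    return items


def reconcile(fix_script, result_log):
    """Return ({ident: status}, [result lines about things the script never named]).
    status: "removed", "already absent" (only 'not found' reported) or "no action logged"."""
    requested = [ident for _, ident in parse_fix_script(fix_script)]
    seen, unrequested = defaultdict(list), []
    for line in result_log.splitlines():
        line = line.strip()
        m = REG_RESULT_RE.match(line)
        if m:
            clsid = CLSID_RE.search(m.group("key"))
            ident = clsid.group(0).upper() if clsid else m.group("key")
            status = m.group("status")
        else:
            m = MOVE_RESULT_RE.match(line)
            if not m:
                continue                    # progress, error and temp-cleanup lines
            ident, status = m.group("path"), "moved successfully"
        (seen[ident].append(status) if ident in requested else unrequested.append(line))
    report = {}
    for ident in requested:
        statuses = seen.get(ident, [])
        if any(s != "not found" for s in statuses):
            report[ident] = "removed"
        else:
            report[ident] = "already absent" if statuses else "no action logged"
    return report, unrequested


if __name__ == "__main__":
    report, unrequested = reconcile(FIX_SCRIPT, RESULT_LOG)
    for ident, status in report.items():
        print(f"{status:16} {ident}")
    for line in unrequested:
        print(f"{'not in script':16} {line}")
```

On the real log every requested item comes back "removed"; the only "not in script" line is the gp.inf move, which OTL does itself as part of removing a DPF control and which is worth a glance rather than an alarm. The "Registry error reading value ...\DownloadInformation\\INF" lines are informational and are skipped.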
snipes Posted December 18, 2011

New Ad-Aware log:

Logfile created: 12/18/2011 14:38:26
Ad-Aware version: 9.6.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: User

*********************** Definitions database information ***********************
Lavasoft definition file: 150.654
Genotype definition file version: 2011/09/21 13:56:01
Extended engine definition file: 11269.0

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 56121
Objects detected: 10

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 10
Browser hijacks.: 0
MRU objects.....: 0

Removed items:
Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *adbureau* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409027 Family ID: 0
Description: *partypoker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409141 Family ID: 0
Description: *kontera* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409363 Family ID: 0
Description: *webpower* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409354 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0

Scan and cleaning complete: Finished correctly after 235 seconds

*********************************** Settings
*********************************** Scan profile: ID: smart, enabled:1, value: Smart Scan ID: folderstoscan, enabled:1, value: ID: useantivirus, enabled:1, value: true ID: sections, enabled:1 ID: scancriticalareas, enabled:1, value: true ID: scanrunningapps, enabled:1, value: true ID: scanregistry, enabled:1, value: true ID: scanlsp, enabled:1, value: true ID: scanads, enabled:1, value: false ID: scanhostsfile, enabled:1, value: false ID: scanmru, enabled:1, value: false ID: scanbrowserhijacks, enabled:1, value: true ID: scantrackingcookies, enabled:1, value: true ID: closebrowsers, enabled:1, value: false ID: filescanningoptions, enabled:1 ID: archives, enabled:1, value: false ID: onlyexecutables, enabled:1, value: true ID: skiplargerthan, enabled:1, value: 20480 ID: scanrootkits, enabled:1, value: true ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict ID: usespywareheuristics, enabled:1, value: true Scan global: ID: global, enabled:1 ID: addtocontextmenu, enabled:1, value: true ID: playsoundoninfection, enabled:1, value: false ID: soundfile, enabled:0, value: N/A Scheduled scan settings: <Empty> Update settings: ID: updates, enabled:1 ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: schedules, enabled:1, value: true ID: updatedaily1, enabled:1, value: Daily 1 ID: time, enabled:1, value: Sun Dec 11 01:30:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, 
maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily2, enabled:1, value: Daily 2 ID: time, enabled:1, value: Sun Dec 11 07:30:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily3, enabled:1, value: Daily 3 ID: time, enabled:1, value: Sun Dec 11 13:30:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily4, enabled:1, value: Daily 4 ID: time, enabled:1, value: Sun Dec 11 19:30:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updateweekly1, enabled:1, value: Weekly 
ID: time, enabled:1, value: Sun Dec 11 01:30:00 2011 ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: true ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: true ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false Appearance settings: ID: appearance, enabled:1 ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource ID: showtrayicon, enabled:1, value: true ID: autoentertainmentmode, enabled:1, value: true ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language Realtime protection settings: ID: realtime, enabled:1 ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant ID: layers, enabled:1 ID: useantivirus, enabled:1, value: true ID: usespywareheuristics, enabled:1, value: true ID: maintainbackup, enabled:1, value: true ID: modules, enabled:1 ID: processprotection, enabled:1, value: true ID: onaccessprotection, enabled:1, value: true ID: registryprotection, enabled:1, value: true ID: networkprotection, enabled:1, value: true ****************************** System information ****************************** Computer name: XPHOMEPC Processor name: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz Processor identifier: x86 Family 6 Model 23 Stepping 10 Processor speed: ~2500MHZ Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 5898, number of processors 2, processor features: [MMX,SSE,SSE2] Physical memory available: 2079723520 bytes Physical memory total: 3216564224 bytes 
Virtual memory available: 1908400128 bytes
Virtual memory total: 2147352576 bytes
Memory load: 35%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 600 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 676 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 708 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 752 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 764 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 936 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 956 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1024 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1128 name: C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1164 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1264 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1384 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1488 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1560 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1660 name: C:\WINDOWS\system32\brsvc01a.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1728 name: C:\WINDOWS\system32\brss01a.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1736 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1872 name: C:\WINDOWS\Explorer.EXE owner: User domain: XPHOMEPC
PID: 1688 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1808 name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1908 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2008 name: C:\WINDOWS\system32\Brmfrmps.exe owner: SYSTEM domain: NT AUTHORITY
PID: 980 name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe owner: SYSTEM domain: NT AUTHORITY
PID: 432 name: C:\Program Files\Analog Devices\Core\smax4pnp.exe owner: User domain: XPHOMEPC
PID: 504 name: C:\Program Files\Microsoft Security Client\msseces.exe owner: User domain: XPHOMEPC
PID: 1184 name: C:\Program Files\iTunes\iTunesHelper.exe owner: User domain: XPHOMEPC
PID: 1572 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1216 name: C:\Program Files\Real\RealPlayer\update\realsched.exe owner: User domain: XPHOMEPC
PID: 1348 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: User domain: XPHOMEPC
PID: 2100 name: C:\Program Files\Canon\CAL\CALMAIN.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2220 name: C:\WINDOWS\system32\ctfmon.exe owner: User domain: XPHOMEPC
PID: 3204 name: C:\WINDOWS\system32\rundll32.exe owner: User domain: XPHOMEPC
PID: 3220 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3292 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3636 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3748 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2564 name: C:\Documents and Settings\User\Local Settings\Application Data\vghd\bin\VirtuaGirl_Downloader.exe owner: User domain: XPHOMEPC
PID: 3032 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: User domain: XPHOMEPC
PID: 544 name: C:\Program Files\Skype\Phone\Skype.exe owner: User domain: XPHOMEPC
PID: 588 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: User domain: XPHOMEPC
PID: 2188 name: C:\WINDOWS\system32\wuauclt.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2152 name: C:\WINDOWS\system32\msiexec.exe owner: SYSTEM domain: NT AUTHORITY

Startup items:
Name: SigmatelSysTrayApp imagepath: sttray.exe
Name: NeroFilterCheck imagepath: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Name: RTHDCPL imagepath: RTHDCPL.EXE
Name: IgfxTray imagepath: C:\WINDOWS\system32\igfxtray.exe
Name: HotKeysCmds imagepath: C:\WINDOWS\system32\hkcmd.exe
Name: Persistence imagepath: C:\WINDOWS\system32\igfxpers.exe
Name: SoundMAXPnP imagepath: C:\Program Files\Analog Devices\Core\smax4pnp.exe
Name: SetDefPrt imagepath: C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
Name: Adobe Reader Speed Launcher imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Name: Adobe ARM imagepath: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Name: CanonMyPrinter imagepath: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
Name: CanonSolutionMenu imagepath: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
Name: MSC imagepath: "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Name: AppleSyncNotifier imagepath: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
Name: APSDaemon imagepath: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Name: QuickTime Task imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime
Name: iTunesHelper imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name: TkBellExe imagepath: "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
Name: DWQueuedReporting imagepath: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon
Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk imagepath: C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk imagepath: C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
Name: imagepath: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name: imagepath: autocheck autochk *
Name: imagepath: lsdelete

Running services:
Name: Alerter displayname: Alerter
Name: ALG displayname: Application Layer Gateway Service
Name: Apple Mobile Device displayname: Apple Mobile Device
Name: Ati HotKey Poller displayname: Ati HotKey Poller
Name: AudioSrv displayname: Windows Audio
Name: BITS displayname: Background Intelligent Transfer Service
Name: Bonjour Service displayname: Bonjour Service
Name: brmfrmps displayname: Brother Popup Suspend service for Resource manager
Name: Brother XP spl Service displayname: BrSplService
Name: CCALib8 displayname: Canon Camera Access Library 8
Name: CryptSvc displayname: CryptSvc
Name: DcomLaunch displayname: DCOM Server Process Launcher
Name: Dhcp displayname: DHCP Client
Name: Dnscache displayname: DNS Client
Name: ERSvc displayname: Error Reporting Service
Name: Eventlog displayname: Event Log
Name: EventSystem displayname: COM+ Event System
Name: FastUserSwitchingCompatibility displayname: Fast User Switching Compatibility
Name: helpsvc displayname: Help and Support
Name: HidServ displayname: HID Input Service
Name: iPod Service displayname: iPod Service
Name: lanmanserver displayname: Server
Name: lanmanworkstation displayname: Workstation
Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service
Name: LmHosts displayname: TCP/IP NetBIOS Helper
Name: MSIServer displayname: Windows Installer
Name: MsMpSvc displayname: Microsoft Antimalware Service
Name: Netman displayname: Network Connections
Name: Nla displayname: Network Location Awareness (NLA)
Name: PlugPlay displayname: Plug and Play
Name: PolicyAgent displayname: IPSEC Services
Name: ProtectedStorage displayname: Protected Storage
Name: RasMan displayname: Remote Access Connection Manager
Name: RichVideo displayname: Cyberlink RichVideo Service(CRVS)
Name: RpcSs displayname: Remote Procedure Call (RPC)
Name: SamSs displayname: Security Accounts Manager
Name: Schedule displayname: Task Scheduler
Name: seclogon displayname: Secondary Logon
Name: SENS displayname: System Event Notification
Name: SharedAccess displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection displayname: Shell Hardware Detection
Name: Spooler displayname: Print Spooler
Name: srservice displayname: System Restore Service
Name: SSDPSRV displayname: SSDP Discovery Service
Name: stisvc displayname: Windows Image Acquisition (WIA)
Name: TapiSrv displayname: Telephony
Name: TermService displayname: Terminal Services
Name: Themes displayname: Themes
Name: TrkWks displayname: Distributed Link Tracking Client
Name: W32Time displayname: Windows Time
Name: WebClient displayname: WebClient
Name: winmgmt displayname: Windows Management Instrumentation
Name: wscsvc displayname: Security Center
Name: wuauserv displayname: Automatic Updates
Name: WZCSVC displayname: Wireless Zero Configuration
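When reading a process and startup list like the one above, the first pass is mechanical: core Windows binary names running from anywhere but system32, images under a user profile or Temp directory, startup entries given as a bare file name (resolved through the search path at logon), and Startup-folder shortcuts whose target is not shown. The script below, added as an example and not part of Ad-Aware or of this thread, applies those checks to a constructed sample modelled on the posted log; the PID 4100 line is invented to exercise the masquerading check and does not appear in the thread. A flag is a prompt to look at the entry, not a verdict on it.

```python
"""First-pass triage of the 'Running processes' and 'Startup items' sections
of an Ad-Aware log. Added example for this thread, not part of Ad-Aware.
Assumes Windows is installed under C:\\WINDOWS, as the posted log shows."""
import ntpath
import re

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PROC_RE = re.compile(r"^PID: (?P<pid>\d+) name: (?P<image>.+?) owner: (?P<owner>.+?) domain: (?P<domain>.+?)$")
STARTUP_RE = re.compile(r"^Name:\s*(?P<name>.*?)\s*(?:location:\s*(?P<location>.+?)\s+)?imagepath:\s*(?P<image>.*)$")

# Binaries that only legitimately run from the system directory.
CORE_IN_SYSTEM32 = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                    "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM32_DIRS = {"c:\\windows\\system32", "\\systemroot\\system32"}
# Path fragments that mean "an ordinary user can write here" on XP.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\",
                 "\\application data\\", "\\local settings\\")

# Constructed sample. PID 4100 is invented (not in the thread) to show a
# system binary name running from a user-writable location.
PROCESSES = r"""
PID: 600 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 956 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1872 name: C:\WINDOWS\Explorer.EXE owner: User domain: XPHOMEPC
PID: 2564 name: C:\Documents and Settings\User\Local Settings\Application Data\vghd\bin\VirtuaGirl_Downloader.exe owner: User domain: XPHOMEPC
PID: 4100 name: C:\Documents and Settings\User\Local Settings\Temp\svchost.exe owner: User domain: XPHOMEPC
"""
STARTUP = r"""
Name: SigmatelSysTrayApp imagepath: sttray.exe
Name: MSC imagepath: "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Name: CanonMyPrinter imagepath: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader
Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk imagepath: C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
"""


def is_absolute(path):
    """True for C:\\... or \\SystemRoot\\... paths; False for a bare file name."""
    return re.match(r"^(?:[a-z]:\\|\\systemroot\\)", path.lower()) is not None


def image_of(cmd):
    """Executable part of a startup command line: the quoted path, or the path up to .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(?i)(.+?\.exe)(?:\s|$)", cmd)
    return m.group(1) if m else cmd


def parse_processes(text):
    """One dict per 'PID: ... name: ... owner: ... domain: ...' record, flat or line-broken."""
    chunks = re.split(r"\s*(?=PID: \d+ name: )", text)
    return [m.groupdict() for m in (PROC_RE.match(c.strip()) for c in chunks) if m]


def parse_startup(text):
    """One dict per 'Name: ... [location: ...] imagepath: ...' record."""
    chunks = re.split(r"\s*(?=Name: )", text)
    return [m.groupdict() for m in (STARTUP_RE.match(c.strip()) for c in chunks) if m]


def triage_process(rec):
    flags, low = [], rec["image"].lower()
    base, folder = ntpath.basename(low), ntpath.dirname(low)
    if base in CORE_IN_SYSTEM32 and folder not in SYSTEM32_DIRS:
        flags.append("core system binary name outside system32")
    if base == "explorer.exe" and folder != "c:\\windows":
        flags.append("explorer.exe outside the Windows directory")
    if any(marker in low for marker in USER_WRITABLE):
        flags.append("runs from a user-writable profile or temp directory")
    if not is_absolute(low):
        flags.append("image path is not absolute")
    return flags


def triage_startup(rec):
    image = image_of(rec["image"])
    if CLSID_RE.fullmatch(rec["name"]) or CLSID_RE.fullmatch(image):
        return []       # shell service objects are referenced by CLSID, not by path
    flags, low = [], image.lower()
    if low.endswith(".lnk"):
        flags.append("startup shortcut; resolve its target before judging it")
    if not is_absolute(low):
        flags.append("bare file name; resolved through the search path at logon")
    if any(marker in low for marker in USER_WRITABLE):
        flags.append("runs from a user-writable profile or temp directory")
    return flags


def triage(process_text, startup_text):
    """[(label, image, flags)] for every entry that earned at least one flag."""
    findings = []
    for rec in parse_processes(process_text):
        if flags := triage_process(rec):
            findings.append(("PID " + rec["pid"], rec["image"], flags))
    for rec in parse_startup(startup_text):
        if flags := triage_startup(rec):
            findings.append(("startup " + (rec["name"] or "(unnamed)"), image_of(rec["image"]), flags))
    return findings


if __name__ == "__main__":
    for label, image, flags in triage(PROCESSES, STARTUP):
        print(f"{label}: {image}\n    " + "\n    ".join(flags))
```

Entries named by CLSID (the {438755C2-...} Browseui preloader and the PostBootReminder-style ShellServiceObjectDelayLoad items) are skipped because there is no path to judge; the two entries this flags on the posted log are the bare-name sttray.exe / RTHDCPL.EXE run keys and the unnamed $McReboot...lnk shortcut in the common Startup folder, whose target Ad-Aware did not resolve.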
CeciliaB Posted December 18, 2011

How is the computer behaving now, any problems?
snipes Posted December 20, 2011

Things seem to be running better; however, three issues are still occurring (caused by whatever System Fix did):

1) Whenever I open Internet Explorer, it gives me a message saying a program has tried to change my default search engine. Acknowledging this message brings up a window that asks me to set my default search engine (which IE is setting automatically as Bing.com). This happens every time, no matter how many times I set my default search engine; if I quit IE and open it again, same thing.

2) RealPlayer crashes every time I try to run it. It pops up a window saying "Fatal Application Exit. Exiting Application" and the only button is an "OK" button, after which RealPlayer quits.

3) Adobe Acrobat Reader: When I try to open a PDF (either a saved one on my hard drive or an e-mail attachment), I get the following error window: "Microsoft Visual C++ Runtime Library Runtime Error! Program: C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe This application has requested the runtime to terminate it in an unusual way. Please contact the application's support team for more information." After which it closes. I updated it after completing all the scans and fixes we did, but this problem has not gone away with Acrobat Reader.
CeciliaB Posted December 20, 2011

1) Does it say which search engine or which program? It might, for example, be McAfee SiteAdvisor that does it.

2 and 3) Have you tried uninstalling the two programs and restarting the computer before installing the latest version of them again? Adobe Reader 9 is not the latest version. http://get.adobe.com/reader/

If you only use Adobe Reader for reading simple PDF files, there are other alternatives such as Foxit Reader (do not install any suggested toolbars) and Sumatra PDF.

4) Run an online scan with Eset http://www.eset.com/onlinescan/
To shorten the scanning time, disable your antivirus program while scanning.
Un-check "Remove found threats"
Check "Scan Archives"
Click "Advanced Settings"
Check:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Click Scan
When the scan completes, the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and paste its content in your answer.
CeciliaB Posted January 20, 2012

Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else, please begin a new topic. Thank you!