Jump to content

Antispyware soft

johnblaze
 Share

Recommended Posts

johnblaze Newbie

johnblaze

Posted
Posted

Hi,

 

I'm hoping you guys can help me out with some virus/malware problems I'm having with my PC. Yesterday my PC became infected with Antispyware Soft and I was having real trouble with false virus notifications and scans, recommending that I activate Antispyware Soft and use that as my virus protection. Eventually I managed to restart my PC (although Windows would only open in Debugging mode) and I managed to open the task manager and end the process that was running Antispyware Soft (I think, it ended in tssd.exe) and I deleted the folder that this file was in. However, now I am finding that Microsfot Security Essentials will not update, Internet Explorer will randomly open up web pages for Viagra etc. and my PC will not run Windows unless I hit F8 when it's booting up and select Debugging mode...

 

Any help you guys can offer would be greatly appreciated.

  • Replies 20
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

PsychoFishKiller Newbie

PsychoFishKiller

Posted
Posted
Hi,

 

I'm hoping you guys can help me out with some virus/malware problems I'm having with my PC. Yesterday my PC became infected with Antispyware Soft and I was having real trouble with false virus notifications and scans, recommending that I activate Antispyware Soft and use that as my virus protection. Eventually I managed to restart my PC (although Windows would only open in Debugging mode) and I managed to open the task manager and end the process that was running Antispyware Soft (I think, it ended in tssd.exe) and I deleted the folder that this file was in. However, now I am finding that Microsfot Security Essentials will not update, Internet Explorer will randomly open up web pages for Viagra etc. and my PC will not run Windows unless I hit F8 when it's booting up and select Debugging mode...

 

Any help you guys can offer would be greatly appreciated.

 

Don't you have a backup of sys? To me this problem sounds like a real headache which will take some time to solve unless you're familiar with malware

RandyL Newbie

RandyL

Posted
Posted
The malware experts should be able to help you with this. Please be patient until they get to it.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

 

Donations are welcome. Read Here

Starbuck Newbie

Starbuck

Posted
Posted

Hi johnblaze

 

Ok, let's make a start, there's a fair bit to do:

 

Step 1

 

Please reboot your computer in Safe Mode with Networking by doing the following :

 

* Restart your computer

* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

* Instead of Windows loading as normal, a menu with options should appear;

You will need to use the 'keyboard arrow keys' to navigate on this menu.

* Select the option, to run Windows in Safe Mode with Networking, then press "Enter".

* Then choose your usual account.

 

Step 2

 

Start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options

Click on the Connections tab

Click on the Lan Settings button

Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen

Then press the OK button to close the Internet Options screen.

 

Internet Explorer should now work.

Or you can use Firefox to complete the next few steps.

 

Step 3

Please download:

Rkill

and save it to your Desktop.

Run the tool by clicking on it.

 

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Antivirus Soft when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Antivirus Soft .

 

If the malware is persistant, you may have to RKill a number of times.

When it has finished, the black window will automatically close and you can continue with the next step.

 

Note

Please do not reboot your system until you have completed the following step, or the Malware will restart itself:

 

Step 4

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

    [*]Then click Finish.

    [*]MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

    [*]On the Scanner tab:

    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.

    [*]If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.

    [*]The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.

    [*]When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".

    [*]Click OK to close the message box and continue with the removal process.

    [*]Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.

    [*]Make sure that everything is checked, and click Remove Selected.

    [*]When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)

    [*]The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

    [*]Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

Step 4

  • Download OTL to your desktop.
    right click on the link and select 'Save Link/Target As'.
     
    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check

.

 

.

http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png


    Now copy the lines below.
     
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
     
     
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
    .
  • Click the Run Scan button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runscan.png
     
  • Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

In your next reply, please submit:

MBAM scan report

Both reports from OTL

 

if the reports are too big to post..... add them as attachments.

 

 

Thanks.

Member of:

UNITE

johnblaze Newbie

johnblaze

Posted
  • Author
Posted
Hi Starbuck, thanks for getting back to me so quickly. I'm afraid that I've fallen at the first hurdle, my PC won't boot uip in safe mode with networking. The only way I can get it to boot up is by tapping F8 and then selecting Debugging mode.
Starbuck Newbie

Starbuck

Posted
Posted

Hi john,

 

Hi Starbuck, thanks for getting back to me so quickly. I'm afraid that I've fallen at the first hurdle, my PC won't boot uip in safe mode with networking. The only way I can get it to boot up is by tapping F8 and then selecting Debugging mode.
mmmm sounds a little more serious than AVSoft, but nothing we can't get around

 

Let's try a different approach:

 

Step

Please download exeHelper to your desktop.

If your AV program throws up a warning about the program, ignore the warning. Some AV's flag this program because of how it works... that's all.

  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt ( Will be created in the directory where you ran exeHelper.com and should open at the end of the scan)

Note : If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together ( they will both be in the one file ).

 

Step 2

  • Download OTL to your desktop.
    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check

.

 

.

http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png


    Now copy the lines below.
     
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
     
     
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
    .
  • Click the Run Scan button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runscan.png
     
  • Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

In your next reply, please submit:

exehelperlog.txt

and both reports from OTL.

 

 

Thanks.

Member of:

UNITE

johnblaze Newbie

johnblaze

Posted
  • Author
Posted

Hi Starbuck,

 

Here's the exehelperlog.txt:

 

exeHelper by Raktor

Build 20100414

Run at 09:58:40 on 06/05/10

Now searching...

Checking for numerical processes...

Checking for sysguard processes...

Checking for bad processes...

Checking for bad files...

Checking for bad registry entries...

Resetting filetype association for .exe

Resetting filetype association for .com

Resetting userinit and shell values...

Resetting policies...

--Finished--

 

 

 

 

 

Here's the OTL.txt:

 

OTL logfile created on: 05/06/2010 10:06:52 - Run 1

OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Admin\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

1,015.00 Mb Total Physical Memory | 348.00 Mb Available Physical Memory | 34.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 35.01 Gb Free Space | 46.98% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 74.52 Gb Total Space | 10.78 Gb Free Space | 14.46% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: EAGLE

Current User Name: Admin

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Admin\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)

PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)

PRC - C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\UAService7.exe ()

PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)

PRC - C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)

PRC - C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

PRC - C:\WINDOWS\system32\drwtsn32.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\rsmsink.exe (Microsoft Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Admin\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)

MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (RalinkRegistryWriter) -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)

SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\WINDOWS\system32\UAService7.exe ()

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)

DRV - (RapportKELL) -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys (Trusteer Ltd.)

DRV - (RapportBuka) -- C:\WINDOWS\system32\drivers\RapportBuka.sys (Trusteer Ltd.)

DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)

DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)

DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)

DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)

DRV - (RAPIProtocol) -- C:\WINDOWS\system32\drivers\RAPIProtocol.sys (Ralink Technology, Corp.)

DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)

DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)

DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)

DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)

DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)

DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.)

DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.)

DRV - (AF15BDA) -- C:\WINDOWS\system32\drivers\AF15BDA.sys (AfaTech )

DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)

DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)

DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDrm.sys (Nero AG)

DRV - (ASPI32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)

DRV - (KS-959) -- C:\WINDOWS\system32\drivers\KS-959.sys (Kingsun Corporation)

DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI)

DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI)

DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI)

DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI)

DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI)

DRV - (SaiHFFB5) -- C:\WINDOWS\system32\drivers\SaiHFFB5.sys (Saitek)

DRV - (imhidusb) -- C:\WINDOWS\system32\drivers\imhidusb.sys (Immersion Corporation)

DRV - (SaiNtBus) -- C:\WINDOWS\system32\drivers\SaiNtBus.sys (Saitek)

DRV - (SaiMini) -- C:\WINDOWS\system32\drivers\SaiMini.sys (Saitek)

DRV - (cdrbsdrv) -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS (B.H.A Corporation)

DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation)

DRV - (usbcm) -- C:\WINDOWS\system32\drivers\usbcm.sys (Microsystems Corp)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/16 16:18:29 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2009/12/12 18:36:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()

O4 - HKLM..\Run: [userFaultCheck] File not found

O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: nationet.com ([olb2] https in Trusted sites)

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)

O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} https://support.microsoft.com/OAS/ActiveX/odc.cab (Microsoft Data Collection Control)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Key error.)

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://skyonline.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: Microsoft XML Parser for Java http://file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/11/30 12:18:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\APPInst.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/06/30 18:55:49 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

 

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe - File not found

MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig - StartUpReg: MediaFace Integration - hkey= - key= - C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)

MsConfig - StartUpReg: NBJ - hkey= - key= - C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)

MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found

MsConfig - StartUpReg: PCSuiteTrayApplication - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

MsConfig - StartUpReg: Shockwave Updater - hkey= - key= - File not found

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 0

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (69256399187607552)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/06/05 10:00:20 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe

[2010/06/03 18:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/06/03 18:29:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent

[2010/06/03 18:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

[2010/06/03 18:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Firaxis Games

[2010/06/03 18:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

[2010/06/03 17:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2010/06/03 15:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials(2)

[2010/06/03 13:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/06/03 10:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe(2)

[2010/06/02 11:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/06/05 10:04:58 | 000,099,427 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Step 2.docx

[2010/06/05 10:01:20 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9B15BDD8-C4F6-4DA2-AEEF-53EDC9F95260}.job

[2010/06/05 10:00:20 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe

[2010/06/04 23:48:53 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Admin\ntuser.dat

[2010/06/04 23:47:32 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\exeHelper.com

[2010/06/03 19:26:41 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/06/03 19:20:55 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/03 19:20:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/03 19:20:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/03 19:16:16 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini

[2010/06/03 18:49:50 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010/05/22 08:17:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/05/20 16:39:49 | 000,195,584 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/20 13:00:05 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/05/19 21:46:58 | 000,011,103 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Baby Names.docx

[2010/05/17 20:55:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/06/05 10:04:58 | 000,099,427 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Step 2.docx

[2010/06/04 23:47:29 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\exeHelper.com

[2010/06/03 15:47:14 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/05/23 21:35:10 | 009,961,472 | ---- | C] () -- C:\Documents and Settings\Admin\ntuser.dat

[2010/05/19 21:46:58 | 000,011,103 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Baby Names.docx

[2009/01/18 16:55:31 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2008/09/11 21:59:30 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys

[2008/06/06 07:53:12 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2008/06/06 07:53:12 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll

[2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll

[2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll

[2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll

[2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll

[2007/04/28 17:25:33 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

[2006/10/25 20:04:11 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2006/09/28 08:04:17 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/07/13 22:36:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll

[2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll

[2005/08/09 23:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2005/07/04 22:06:36 | 000,000,118 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI

[2005/06/21 20:57:53 | 000,001,958 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2005/05/10 21:39:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2005/05/10 21:39:00 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2005/01/29 13:00:57 | 000,000,395 | ---- | C] () -- C:\WINDOWS\videoimp.ini

[2005/01/29 13:00:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2005/01/29 00:59:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/11/30 17:24:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/11/30 12:44:40 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI

[2004/11/30 12:44:39 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI

[2004/11/30 12:44:38 | 000,000,060 | ---- | C] () -- C:\WINDOWS\Wininit.ini

[2004/11/30 12:44:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

[2004/11/30 12:44:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll

[2004/11/30 12:43:22 | 000,002,696 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2004/11/30 12:43:19 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2004/07/01 19:38:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll

[2004/07/01 19:38:38 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll

[2004/07/01 19:38:28 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll

[2004/07/01 19:38:28 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll

[2002/03/21 14:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

[2002/03/21 12:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll

[2002/03/21 12:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll

[2002/03/21 12:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll

[2002/03/21 12:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll

[2002/03/21 12:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll

[2002/03/21 12:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll

[2002/03/21 12:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll

[2002/03/20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys

[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll

[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll

[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll

[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll

[1999/01/22 19:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1998/01/12 09:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

 

========== LOP Check ==========

 

[2005/06/28 19:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ACD Systems

[2009/02/17 21:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Autodesk

[2009/12/05 00:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Azureus

[2008/06/06 07:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DAEMON Tools

[2008/01/19 22:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Final Draft

[2010/04/15 16:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FUJIFILM

[2008/06/06 07:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Games

[2009/08/15 18:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GetRightToGo

[2008/03/23 12:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\gtk-2.0

[2010/03/27 14:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Leadertech

[2008/11/29 09:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\My Games

[2008/10/13 17:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Nokia

[2009/08/26 20:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Nokia Multimedia Player

[2009/08/26 19:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PC Suite

[2009/08/22 20:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Spectaculator

[2009/10/31 01:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Sports Interactive

[2010/04/05 21:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TeamViewer

[2008/11/15 14:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Teleca

[2009/12/18 08:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Trusteer

[2008/06/03 19:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\URSoft

[2007/11/29 22:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems

[2009/06/28 21:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk

[2010/02/20 18:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9(2)

[2007/12/17 13:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2008/03/22 11:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4

[2006/01/03 15:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes

[2008/01/19 22:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft

[2008/10/13 17:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2008/04/20 10:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki

[2007/04/01 08:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe

[2008/11/22 11:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster

[2008/10/13 17:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia

[2008/04/25 23:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2007/04/28 17:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle

[2009/08/29 22:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap

[2010/02/20 18:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver

[2010/03/06 00:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek

[2009/10/31 01:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive

[2008/11/15 14:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca

[2010/06/05 10:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/12/18 08:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer

[2010/04/05 19:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/13 17:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/07/01 22:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2010/06/03 19:26:41 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2010/06/05 10:01:20 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9B15BDD8-C4F6-4DA2-AEEF-53EDC9F95260}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

[2005/10/15 19:55:38 | 000,533,712 | ---- | M] (Adobe Systems) -- C:\AdbeRdr705_DLM_enu_full.exe

[2005/07/24 20:38:58 | 004,267,744 | ---- | M] (Logitech ) -- C:\mw9791enu.exe

 

 

< MD5 for: AGP440.SYS >

[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008/08/28 07:50:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys

[2008/08/28 07:50:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys

[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

 

< MD5 for: ATAPI.SYS >

[2003/03/31 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys

[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008/08/28 07:50:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys

[2008/08/28 07:50:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

 

< MD5 for: EVENTLOG.DLL >

[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 

< MD5 for: NETLOGON.DLL >

[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 

< MD5 for: SCECLI.DLL >

[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2008/04/14 01:09:05 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cfgmgr32.dll

[2008/04/14 01:11:50 | 000,058,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\clusapi.dll

[2008/04/14 01:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

[2008/04/14 01:11:51 | 000,025,088 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\davclnt.dll

[2003/03/31 13:00:00 | 000,847,872 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dbgeng.dll

[2008/04/14 01:11:51 | 000,640,000 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dbghelp.dll

[2008/04/14 01:11:52 | 000,014,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drprov.dll

[2008/04/14 01:11:53 | 000,125,952 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\exts.dll

[2006/10/14 09:13:25 | 000,981,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mfc42u.dll

[2008/04/14 01:11:58 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll

[2008/04/14 01:11:59 | 000,997,376 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msgina.dll

[2008/04/14 01:12:01 | 000,011,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\netrap.dll

[2008/04/14 01:12:02 | 000,080,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\netui0.dll

[2008/04/14 01:12:02 | 000,245,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\netui1.dll

[2008/04/14 01:12:02 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntlanman.dll

[2008/04/14 01:12:02 | 000,040,960 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntmsapi.dll

[2003/03/31 13:00:00 | 000,036,864 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntsdexts.dll

[2008/04/14 01:12:02 | 000,249,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\odbc32.dll

[2008/04/13 18:26:05 | 000,094,208 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\odbcint.dll

[2006/10/18 21:47:18 | 000,284,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\PortableDeviceApi.dll

[2008/04/14 01:12:03 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\powrprof.dll

[2009/07/17 17:22:18 | 001,435,648 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\query.dll

[2008/04/13 18:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rsaenh.dll

[2008/04/14 01:12:04 | 000,018,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rsmps.dll

[2008/04/14 01:12:05 | 000,005,120 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sfc.dll

[2008/04/14 01:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sfcfiles.dll

[2008/04/14 01:12:05 | 000,140,288 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sfc_os.dll

[2008/04/14 01:12:05 | 000,068,096 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shgina.dll

[2008/04/14 01:12:07 | 000,068,096 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sti.dll

[2008/04/14 01:12:07 | 000,990,208 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\syssetup.dll

[2008/04/14 01:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\winsta.dll

[2007/10/27 18:40:30 | 000,222,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wmasf.dll

[2009/05/20 04:56:52 | 002,458,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\WMVCore.dll

[2008/04/13 18:39:24 | 002,897,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

========== Files - Unicode (All) ==========

[2005/01/21 16:55:47 | 000,000,000 | ---D | M](C:\WINDOWS\System32\%?ystemroot%) -- C:\WINDOWS\System32\%聳ystemroot%

[2005/01/21 16:55:47 | 000,000,000 | ---D | C](C:\WINDOWS\System32\%?ystemroot%) -- C:\WINDOWS\System32\%聳ystemroot%

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD30FA91

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B606BA34

< End of report >

 

 

 

 

 

 

And finally, here's the Extras.txt:

 

OTL Extras logfile created on: 05/06/2010 10:06:52 - Run 1

OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Admin\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

1,015.00 Mb Total Physical Memory | 348.00 Mb Available Physical Memory | 34.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 35.01 Gb Free Space | 46.98% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 74.52 Gb Total Space | 10.78 Gb Free Space | 14.46% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: EAGLE

Current User Name: Admin

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\WINDOWS\system32\lxbucoms.exe" = C:\WINDOWS\system32\lxbucoms.exe:*:Disabled:6200 Series Server -- File not found

"C:\Program Files\Orb Networks\Orb\bin\Orb.exe" = C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb -- File not found

"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found

"C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found

"C:\Program Files\Orb Networks\Orb\bin\xmltv.exe" = C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide -- File not found

"C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:*:Enabled:OrbChannelScan -- File not found

"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- File not found

"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- File not found

"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- File not found

"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found

"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Disabled:Football Manager 2010 -- File not found

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo

"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{181AC4C7-B83C-4B5F-B566-E19BF2472429}" = HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 18

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{2A0A6470-FD0F-4F45-9B11-85F3167DB943}" = Nokia Flashing Cable Driver

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu 3.x for Office 2007

"{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6A905A05-964C-4F03-9A96-D34167807EC0}" = PS_AIO_06_C309g-m_SW_Min

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network

"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update

"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7

"{7A27AAF5-1FD6-48B4-95C4-7354A1C35455}" = C309g-m

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{82AF77BC-423D-42DA-BE5B-FFCA04752181}" = MediaFACE 4.01 Image Library

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{9297A30F-0AC4-4F74-9798-DE3BBB0496B6}" = Windows OEM Preinstallation Kit

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup for Realtek RTL8139/810x Family NIC 3.00

"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution

"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT

"{A718DCFB-D6CA-4BE7-AFAD-5F9E738F2AE6}" = Copier

"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite

"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{B093990A-AAF2-44AC-9216-14BB7A2189B6}" = ImageMixer VCD2 LE for FinePix

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware

"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink RT7x Wireless LAN Card

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials

"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle MediaCenter

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard

"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)

"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)

"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.5 Professional

"Adobe Acrobat 8 Professional - English, Français, Deutsch_815" = Adobe Acrobat 8.1.5 - CPSID_49013

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings

"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)

"ArcSoft VideoImpression 16FP" = ArcSoft VideoImpression 1.6FP

"Audacity_is1" = Audacity 1.2.6

"AviSynth" = AviSynth 2.5

"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)

"BroadJump Client Foundation" = BroadJump Client Foundation

"CCleaner" = CCleaner

"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)

"C-Media Audio" = C-Media 3D Audio

"C-Media Audio Driver" = C-Media WDM Audio Driver

"CutePDF Writer Installation" = CutePDF Writer 2.7

"ENTERPRISER" = Microsoft Office Enterprise 2007

"EsetOnlineScanner" = ESET Online Scanner

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Print Projects" = HP Print Projects 1.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01

"InstallShield_{82AF77BC-423D-42DA-BE5B-FFCA04752181}" = MediaFACE 4.01 Image Library

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Essentials" = Microsoft Security Essentials

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NeroMultiInstaller!UninstallKey" = Nero Suite

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Nokia PC Suite" = Nokia PC Suite

"Photo-Saver_is1" = Photo-Saver

"Rapport_msi" = Rapport

"RealPlayer 6.0" = RealPlayer

"Shop for HP Supplies" = Shop for HP Supplies

"Videora iPod touch Converter" = Videora iPod touch Converter 5.04

"VLC media player" = VideoLAN VLC media player 0.8.6d

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"WMCSetup" = Windows Media Connect

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"Yahoo! Companion" = Yahoo! Toolbar

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 04/06/2010 18:44:22 | Computer Name = EAGLE | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 04/06/2010 18:44:22 | Computer Name = EAGLE | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 3312

 

Error - 04/06/2010 18:44:22 | Computer Name = EAGLE | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 3312

 

Error - 04/06/2010 18:44:29 | Computer Name = EAGLE | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 04/06/2010 18:44:29 | Computer Name = EAGLE | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 10812

 

Error - 04/06/2010 18:44:29 | Computer Name = EAGLE | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 10812

 

Error - 04/06/2010 19:43:45 | Computer Name = EAGLE | Source = MPSampleSubmission | ID = 5000

Description =

 

Error - 04/06/2010 23:40:03 | Computer Name = EAGLE | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 04/06/2010 23:40:03 | Computer Name = EAGLE | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 3563

 

Error - 04/06/2010 23:40:03 | Computer Name = EAGLE | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 3563

 

[ OSession Events ]

Error - 06/09/2007 04:23:26 | Computer Name = EAGLE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 205

seconds with 180 seconds of active time. This session ended with a crash.

 

Error - 04/07/2009 14:19:48 | Computer Name = EAGLE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5

seconds with 0 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 03/06/2010 13:49:50 | Computer Name = EAGLE | Source = Ftdisk | ID = 262189

Description = The system could not sucessfully load the crash dump driver.

 

Error - 03/06/2010 13:49:50 | Computer Name = EAGLE | Source = Ftdisk | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

 

Error - 03/06/2010 13:50:06 | Computer Name = EAGLE | Source = Microsoft Antimalware | ID = 2003

Description = %%861 has encountered an error trying to update the engine. New Engine

Version: 1.1.5502.0 Previous Engine Version: User: NT AUTHORITY\SYSTEM Error Code:

0x80070002 Error description: The system cannot find the file specified.

 

Error - 03/06/2010 13:53:06 | Computer Name = EAGLE | Source = Microsoft Antimalware | ID = 2001

Description = %%861 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852

Source

Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current

Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description:

The connection with the server was terminated abnormally

 

Error - 03/06/2010 14:20:23 | Computer Name = EAGLE | Source = sptd | ID = 262148

Description = Driver detected an internal error in its data structures for .

 

Error - 03/06/2010 14:20:23 | Computer Name = EAGLE | Source = Ftdisk | ID = 262189

Description = The system could not sucessfully load the crash dump driver.

 

Error - 03/06/2010 14:20:23 | Computer Name = EAGLE | Source = Ftdisk | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

 

Error - 03/06/2010 14:20:49 | Computer Name = EAGLE | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

sptd

 

Error - 04/06/2010 19:43:44 | Computer Name = EAGLE | Source = Microsoft Antimalware | ID = 2001

Description = %%861 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.83.1076.0 Update Source: %%859 Update Stage:

%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5802.0 Error

code: 0x80072efe Error description: The connection with the server was terminated

abnormally

 

Error - 05/06/2010 05:09:49 | Computer Name = EAGLE | Source = Microsoft Antimalware | ID = 1008

Description = %%861 has encountered an error when taking action on spyware or other

potentially unwanted software. For more information please see the following: Encyclopedia entry: Trojan:Win32/Rundis.gen!A - Learn more about malware - Microsoft Malware Protection Center

User:

NT AUTHORITY\SYSTEM Name: Trojan:Win32/Rundis.gen!A ID: 2147610132 Severity: Severe

Category:

Trojan Path: Action: %%809 Error Code: 0x80508023 Error description: The program could

not find the spyware and other potentially unwanted software on this computer.

Status: Signature Version: AV: 1.83.1076.0, AS: 1.83.1076.0 Engine Version: 1.1.5802.0

 

 

< End of report >

Starbuck Newbie

Starbuck

Posted
Posted

Hi john,

 

Thanks for that.

 

Step 1

Double click on OTL.exe to run it.

Copy the lines in the codebox below. (make sure that :Otl is on the first line )

:Otl
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab  (Reg Error: Key error.)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab  (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab  (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab  (Reg Error: Key error.)
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\APPInst.exe -- File not found
@Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD30FA91
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B606BA34

:commands
[emptytemp]
[purity]
[EMPTYFLASH]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     
  • Click the red Run Fix button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
     
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

if you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

Step 2

Please update MBAM and run another scan:

Start MBAM

Click on the Update tab

 

http://img.photobucket.com/albums/v708/starbuck50/mbam1.png

 

Click Check for Updates

 

http://img.photobucket.com/albums/v708/starbuck50/mbam2.png

 

If it says that MBAM needs to close to update it... let it close and then restart.

Then click the Scan button.

 

Don't forget:

  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

In your next reply, please submit:

Otl fix report

MBAM scan report

 

 

Thanks.

Member of:

UNITE

johnblaze Newbie

johnblaze

Posted
  • Author
Posted

Hi Starbuck,

 

I ran the OTL fix last night, but when I checked the computer this morning it was still on the 'Windows is shutting down' screen, so I manually restarted the computer but again I had to hit F8 and go into Debugging mode to get Windows to load. I also updated MBAM and I had to go into Debugging mode when the computer rebooted. I've posted the log files below as requested:

 

 

 

All processes killed

Error: Unable to interpret <Code:> in the current context!

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ not found.

Starting removal of ActiveX control {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}

C:\WINDOWS\Downloaded Program Files\oscan8.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\ not found.

Starting removal of ActiveX control {6A344D34-5231-452A-8A57-D064AC9B7862}

C:\WINDOWS\Downloaded Program Files\symdlmgr.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A344D34-5231-452A-8A57-D064AC9B7862}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A344D34-5231-452A-8A57-D064AC9B7862}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A344D34-5231-452A-8A57-D064AC9B7862}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A344D34-5231-452A-8A57-D064AC9B7862}\ not found.

Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.

File oft XML Parser for Java http://file://C:\WINDOWS\Java\classes\xmldso.cab not found.

Starting removal of ActiveX control Microsoft XML Parser for Java

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.

File F:\APPInst.exe not found.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:D282699C deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:CD30FA91 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:B606BA34 deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Admin

->Temp folder emptied: 3752108360 bytes

->Temporary Internet Files folder emptied: 32404856 bytes

->Java cache emptied: 8591 bytes

->Flash cache emptied: 6399 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 34373 bytes

 

User: NetworkService

->Temp folder emptied: 1035106 bytes

->Temporary Internet Files folder emptied: 1998852 bytes

->Flash cache emptied: 4677 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1158415 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 78739640 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35466 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 3,688.00 mb

 

 

[EMPTYFLASH]

 

User: Admin

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default User

 

User: LocalService

 

User: NetworkService

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.5.3 log created on 06052010_223824

Files\Folders moved on Reboot...

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\U7NBEKUP\ads[3].htm moved successfully.

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\O9X5Q1F2\9833-antispyware-soft[1].html moved successfully.

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\O9X5Q1F2\ads[1].htm moved successfully.

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

C:\WINDOWS\temp\TMP00000001AD33CE086F3E9B9B moved successfully.

Registry entries deleted on Reboot...

 

 

 

 

 

 

 

 

Malwarebytes' Anti-Malware 1.46

Malwarebytes

Database version: 4172

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

06/06/2010 09:15:17

mbam-log-2010-06-06 (09-15-17).txt

Scan type: Quick scan

Objects scanned: 128706

Time elapsed: 13 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Starbuck Newbie

Starbuck

Posted
Posted

Hi John,

 

Let's see what info this gives us:

 

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

 

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

 

This is an example, you may rename ComboFix to anything you want.

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
     
    Then:
     
    Double click on Combo-Fix.exe & follow the prompts.
     
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    If running Vista, you may not see this screen
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

 

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

 

Thanks

Member of:

UNITE

johnblaze Newbie

johnblaze

Posted
  • Author
Posted

Hi Starbuck,

 

I've downloaded ComboFix but I can't shut down Microsoft Security Essentials. Every time I try I get an error message, and if I try to run ComboFix it tells me that MSE is running and to shut it down... I tried to uninstall MSE but it won't let me do that, and I tried to stop it through task manager but I get an error message when I try to open task manager.

 

Do you think it would be better to backup all my files and reinstall XP?

Starbuck Newbie

Starbuck

Posted
Posted

Hi John,

 

Just a couple of questions:

 

Are you trying to turn off MSSE from an administrator account? you will need to.

 

How are you trying to disable MSSE?

correct procedure is:

Click on the icon in the taskbar and then click 'Open'

or... click on Start >> Programs and then select MSSE.

Then click on the settings tab.

Click on Real-time Protection on the left hand side.

UNtick Turn on real-time protection (recommended)

and then click Save changes.

 

Do you think it would be better to backup all my files and reinstall XP?
That is obviously an option, but we do try to avoid this if necessary.

But it is always your decision that counts.

Member of:

UNITE

johnblaze Newbie

johnblaze

Posted
  • Author
Posted

Hi Starbuck,

 

I'm logged in with Admin rights, but when I try to open MSSE using either of the methods you specified I get an error message saying that an error occurred within the program and if it persists I should reinstall MSSE.

Starbuck Newbie

Starbuck

Posted
Posted

Hi John,

 

Normally if there are issues running Combofix we can suggest that it's run in Safe Mode .... but i'm betting this isn't an option given how you have to start Windows.

Maybe the quickest and easiest option is the reformat/re-install.

At least this will get you up and running properly again with a clean slate.

Don't forget you will need to get all you windows updates again.

 

There's a very handy guide on how to do this Here if you need it.

Member of:

UNITE

johnblaze Newbie

johnblaze

Posted
  • Author
Posted

Hi Starbuck,

 

I think that a reformat/reinstall is the best option. I was sort of prepared for this eventuality when I realised that the PC would only boot in Debugging mode.

 

Thanks for all your time and also for the reformat/reinstall guide.

Starbuck Newbie

Starbuck

Posted
Posted

You are more than welcome John,

I'm just sorry i couldn't have been of more help.

 

Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif

Member of:

UNITE

johnblaze Newbie

johnblaze

Posted
  • Author
Posted

Hi Starbuck,

 

I've reformatted my hard drive and reinstalled XP and my PC is running much faster now. I'm just wondering if you have any ideas on how I can protect myself against viruses and malware such as Antispyware Soft in future? I'm using Microsoft Security Essentials as my antivirus software and I've got Malwarebyte's Anti Malware installed and I run a scan with it a couple of times a week at least...

Starbuck Newbie

Starbuck

Posted
Posted

Hi John,

 

Glad to see you up and running again.

 

This is what i normally post once we have removed all the malware from a system:

You may find some helpful information here.

 

To find out how you may have been infected....read this topic:

So how did i get infected?

 

Not all of the following information will be applicable to you, but it's still best to read it all.

 

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  • Use an AntiVirus Software

     

    Note*:

    Upon installation MS Security Essentials will check that your OS is a legal copy.

     

    Only install one AntiVirus program

     

    [*]Update your AntiVirus Software regularly

     

    [*]Use a 3rd party Firewall

    NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.

     

    Only install one software Firewall

     

    Some 3rd party Firewalls will turn off the windows firewall when they are installed.

    It's always best to check that the Windows Firewall is turned off:

     

    How to turn off Windows Firewall:

    Start ... Control Panel ...click on 'Classic View'.

    now select Windows Firewall.

    When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok

     

    [*]Scan regularly with a 'Stand Alone' Anti-Malware scanner:

    Installing another scanner that you can run once or twice a week is always beneficial.

    Something like:

    Malwarebytes Anti-Malware

    SUPERAntiSypware

    Remember to update these programs each time before running.

    You can install more than one of these if you only run them as stand alone programs.

     

    [*] Use an alternative browser:

    Some excellent alternatives to MS Internet Explorer are:

     

    Firefox

    For added security, add the NoScript extension to this browser:

    Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks

    also consider adding:

    WOT - Safe Browsing Tool

     

    Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.

    Btw: you don't have to make a contribution.

     

    Opera

     

    They offer better security, more stability, and better speed.

     

    [*]Keep a backup of your registry

    Keeping a regular backup of your registry will help when something goes wrong.

    Use a program like:

    Erunt

     

    A full tutorial on how to set up and use Erunt can be found here:

    Erunt tutorial

     

    [*]Keep your system clean of temp files etc, using a 'Cleaner':

    Cleaners are programs that will help to clean out your:

    Windows temp files

    Current user temp files

    Cookies

    Temporary Internet flies

    Browser history

    Recycle bin

    Etc.......

    In other words.... all the rubbish that you accumalate over the course of your browsing and day to day usage of your pc.

    Programs like:

    CCleaner

    TFC by OldTimer

    ATF Cleaner

     

    [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

     

    [*]Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

     

    A tutorial on installing & using this product can be found here:

    Using and installing SpywareBlaster

     

    [*]Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

 

Glad I was able to help.

 

Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif

Member of:

UNITE

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...