
Error (login): 0x10e0 The operator or administrator has refused the request.


  • This topic is locked
11 replies to this topic

#1 janinaji

janinaji

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:47 AM

Posted 30 November 2009 - 02:21 AM

Hi. An irritating popup that says "Error (login): 0x10e0 The operator or administrator has refused the request." appears on my laptop every 5 seconds to 5 minutes. I read numerous discussions that said it's malware. I scanned the laptop using Malwarebytes but the popup still appears. I also used CCleaner to no avail. I tried installing pc-kitchen and ms-errors (Errorfixer) but it can't be installed for some reason. Please help me. I also read that I shouldn't try fixing anything using HijackThis so I'm posting here the HijackThis log of my laptop so you can tell me what's wrong and what needs to be fixed. I appreciate your help.

Please don't spam an unnecessary product or recommend solutions that will not fix the problem but worsen it. Some people said they had the blue screen of death just because of some misleading responses. Thank you so much.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:56 PM, on 11/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\redirs.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\admin nahera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin nahera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin nahera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\admin nahera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\admin nahera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\admin nahera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin nahera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin nahera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin nahera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin nahera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy7.up.edu.ph:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EnableDCOM] N
O4 - HKLM\..\Run: [restrictanonymous] 
O4 - HKLM\..\Run: [restrictanonymoussam] 
O4 - HKLM\..\Run: [redirs.exe] C:\WINDOWS\system32\redirs.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunServices: [Light Drv ] C:\DOCUME~1\ADMINN~1\LOCALS~1\Temp\hklhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\admin nahera\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [PCKitchenRegistryCleaner] C:\Program Files\PC-Kitchen\RegistryCleaner\RegistryCleaner.exe -boot
O4 - HKCU\..\Policies\Explorer\Run: [1] c:\windows\system32\winx86.dll.js
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 12470 bytes
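A triage sketch for the O4 (autorun) section of a HijackThis log like the one posted above, added here as an example; it is not part of the original thread and not code from HijackThis. The sample lines are copied from that log; the three heuristics and all function names are assumptions for illustration, and a hit marks an entry to examine more closely, not a verdict.

```python
import re

# Sample O4 lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EnableDCOM] N
O4 - HKLM\..\Run: [restrictanonymous]
O4 - HKLM\..\Run: [redirs.exe] C:\WINDOWS\system32\redirs.exe
O4 - HKLM\..\RunServices: [Light Drv ] C:\DOCUME~1\ADMINN~1\LOCALS~1\Temp\hklhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [1] c:\windows\system32\winx86.dll.js
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
'''

# Registry-backed autoruns look like: O4 - <hive>\..\<key>: [<value name>] <command>
# Startup-folder entries ("O4 - Startup: x.lnk = ...") use another layout and are skipped.
O4_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$'
)
# Unquoted paths may contain spaces, so cut the command at the first file extension
# that is followed by whitespace or the end of the line.
EXE_RE = re.compile(r'^(.+?\.(?:exe|com|scr|dll|js|vbs|bat|cmd))(?=\s|$)', re.I)
TEMP_RE = re.compile(r'\\(?:temp|tmp)\\', re.I)
DOUBLE_EXT_RE = re.compile(
    r'\.(?:exe|dll|doc|pdf|txt|jpg)\.(?:js|jse|vbs|vbe|wsf|bat|cmd|scr|pif|exe)$', re.I
)


def target_of(cmd):
    """Return the file a Run command launches, without its arguments."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(' ', 1)[0]


def reasons_for(cmd):
    """Apply the illustrative heuristics to one autorun command."""
    target = target_of(cmd)
    reasons = []
    # A Run value that is empty or a bare word names no file to start.
    if not re.search(r'[\\/.]', cmd) and ' ' not in cmd:
        reasons.append('no_program')
    # Programs that start at every boot rarely live in a Temp directory.
    if TEMP_RE.search(target):
        reasons.append('temp_path')
    # A script extension stacked on another extension, e.g. "name.dll.js".
    if DOUBLE_EXT_RE.search(target):
        reasons.append('double_extension')
    return reasons


def triage(log_text):
    """Return the O4 registry autoruns that match at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group('cmd').strip()
        reasons = reasons_for(cmd)
        if reasons:
            findings.append({
                'hive': m.group('hive'),
                'key': m.group('key'),
                'name': m.group('name').strip(),
                'target': target_of(cmd),
                'reasons': reasons,
            })
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['hive']}\\{f['key']} [{f['name']}] {f['target']} -> {', '.join(f['reasons'])}")
```
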



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:47 PM

Posted 30 November 2009 - 11:10 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %SYSTEMDRIVE%\nvatabus.sys /s /md5
    %SYSTEMDRIVE%\viamraid.sys /s /md5
    %SYSTEMDRIVE%\nvata.sys /s /md5
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 janinaji

janinaji
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:47 AM

Posted 30 November 2009 - 01:34 PM

Hi, Sam. :( Thanks for the reply. Anyway, I have scanned it using MalwareBytes just the other day. But just to be sure, I removed the MalwareBytes in my laptop and installed it again using your link. This time it didn't find any malware. Here is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 3262
Windows 5.1.2600 Service Pack 2

12/1/2009 2:16:14 AM
mbam-log-2009-12-01 (02-16-14).txt

Scan type: Quick Scan
Objects scanned: 106812
Time elapsed: 7 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)







As for the OTL, here is the log:

OTL logfile created on: 12/1/2009 2:21:11 AM - Run 1
OTL by OldTimer - Version 3.1.11.3 Folder = d:\Documents and Settings\admin nahera\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 365.10 Mb Available Physical Memory | 35.99% Memory free
1.87 Gb Paging File | 0.94 Gb Available in Paging File | 50.21% Paging File free
Paging file location(s): C:\pagefile.sys 1000 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 14.34 Gb Free Space | 41.96% Space Free | Partition Type: NTFS
Drive D: | 40.35 Gb Total Space | 17.84 Gb Free Space | 44.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 372.52 Gb Total Space | 64.85 Gb Free Space | 17.41% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: ADMIN_NAGERA
Current User Name: admin nahera
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/01 02:18:29 | 00,536,064 | ---- | M] (OldTimer Tools) -- d:\Documents and Settings\admin nahera\My Documents\Downloads\OTL.exe
PRC - [2009/11/27 07:13:56 | 00,163,840 | ---- | M] () -- C:\WINDOWS\system32\redirs.exe
PRC - [2009/11/25 07:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 07:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 07:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/25 07:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/25 07:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/12 07:11:40 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\admin nahera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/10/12 10:26:48 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/24 03:58:09 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/09/23 17:21:28 | 00,798,720 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2008/03/26 18:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008/03/26 13:27:58 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/03/26 12:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/03/26 12:49:00 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/03/26 12:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/08/24 08:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/08/24 08:36:30 | 00,455,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2007/07/12 09:52:18 | 00,846,344 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/06/24 15:38:36 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/21 04:57:36 | 00,142,104 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2007/04/21 04:57:32 | 00,252,696 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007/04/21 04:57:30 | 00,138,008 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/04/21 04:57:26 | 00,166,680 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/04/21 04:57:20 | 00,162,584 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/04/13 08:33:10 | 16,132,608 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2007/01/20 03:49:28 | 04,670,968 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2006/10/06 01:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/01/26 07:14:44 | 01,646,592 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\webshots.scr
PRC - [2005/04/02 17:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2004/12/02 18:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2004/08/04 07:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [1999/12/13 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/01 02:18:29 | 00,536,064 | ---- | M] (OldTimer Tools) -- d:\Documents and Settings\admin nahera\My Documents\Downloads\OTL.exe
MOD - [2007/06/24 15:40:33 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2007/01/20 03:49:20 | 00,006,144 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\idle.dll
MOD - [2007/01/20 02:29:54 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Yahoo!\Messenger\msvcr71.dll
MOD - [2006/05/04 14:53:54 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (NMIndexingService)
SRV - [2009/11/25 07:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 07:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 07:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 07:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/16 02:45:56 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/03/26 13:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/26 12:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/02/29 03:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/02/29 03:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2007/08/24 08:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/10/27 05:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/06 01:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/04/02 17:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [1999/12/13 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\S-1-5-21-1214440339-1292428093-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\S-1-5-21-1214440339-1292428093-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\S-1-5-21-1214440339-1292428093-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy7.up.edu.ph:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {e0c7b854-d5ce-4db6-9804-be1438603d89}:2.0.4.1
FF - prefs.js..network.proxy.http: "proxy7.up.edu.ph"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/02/17 00:00:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\Mozilla\Extensions
[2009/08/31 19:47:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\Mozilla\Firefox\Profiles\3yo8wqhu.default\extensions
[2009/05/21 10:59:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\Mozilla\Firefox\Profiles\3yo8wqhu.default\extensions\{e0c7b854-d5ce-4db6-9804-be1438603d89}

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [EnableDCOM] File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [redirs.exe] C:\WINDOWS\system32\redirs.exe ()
O4 - HKLM..\Run: [restrictanonymous] Reg Error: Invalid data type. File not found
O4 - HKLM..\Run: [restrictanonymoussam] Reg Error: Invalid data type. File not found
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003..\Run: [Google Update] C:\Documents and Settings\admin nahera\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003..\Run: [PCKitchenRegistryCleaner] C:\Program Files\PC-Kitchen\RegistryCleaner\RegistryCleaner.exe File not found
O4 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-19..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] File not found
O4 - HKLM..\RunServices: [Light Drv ] C:\DOCUME~1\ADMINN~1\LOCALS~1\Temp\hklhost.exe File not found
O4 - Startup: C:\Documents and Settings\admin nahera\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128
O7 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 1
O7 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 1 = c:\windows\system32\winx86.dll.js File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/31 21:31:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/01/25 11:43:44 | 00,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008/07/22 14:22:38 | 00,000,000 | -HSD | M] - H:\autorun -- [ FAT32 ]
O33 - MountPoints2\{05fd81fd-17dc-11de-85c7-001d72199a77}\Shell\AutoRun\command - "" = wscript.exe sowar.vbs
O33 - MountPoints2\{05fd81fd-17dc-11de-85c7-001d72199a77}\Shell\Open\Command - "" = wscript.exe sowar.vbs
O33 - MountPoints2\{1a28d244-83c4-11da-8668-001d72199a77}\Shell\auto\command - "" = H:\Scrap
O33 - MountPoints2\{1a28d244-83c4-11da-8668-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1a28d244-83c4-11da-8668-001d72199a77}\Shell\explore\command - "" = H:\Scrap
O33 - MountPoints2\{1a28d244-83c4-11da-8668-001d72199a77}\Shell\open\command - "" = H:\Scrap
O33 - MountPoints2\{1e80852c-18c1-11de-85ca-001d72199a77}\Shell\auto\command - "" = Scrap
O33 - MountPoints2\{1e80852c-18c1-11de-85ca-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1e80852c-18c1-11de-85ca-001d72199a77}\Shell\explore\command - "" = Scrap
O33 - MountPoints2\{1e80852c-18c1-11de-85ca-001d72199a77}\Shell\open\command - "" = Scrap
O33 - MountPoints2\{2f6ced97-394e-11de-862f-001d72199a77}\Shell\AutoRun\command - "" = wscript.exe sowar.vbs
O33 - MountPoints2\{2f6ced97-394e-11de-862f-001d72199a77}\Shell\Open\Command - "" = wscript.exe sowar.vbs
O33 - MountPoints2\{3261bc26-2ed8-11dd-8702-806d6172696f}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2004/08/04 00:56:58 | 00,028,672 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{55ae33f8-812c-11da-8679-001d72199a77}\Shell - "" = AutoRun
O33 - MountPoints2\{55ae33f8-812c-11da-8679-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{55ae33f8-812c-11da-8679-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{587f4b12-8a01-11de-86be-001d72199a77}\Shell - "" = AutoRun
O33 - MountPoints2\{587f4b12-8a01-11de-86be-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{587f4b12-8a01-11de-86be-001d72199a77}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{5c7d845a-0846-11de-85a1-a11ac2241b8d}\Shell\AutoRun\command - "" = RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe
O33 - MountPoints2\{5c7d845a-0846-11de-85a1-a11ac2241b8d}\Shell\open\command - "" = RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe
O33 - MountPoints2\{73332626-8b00-11da-86ab-001d72199a77}\Shell - "" = AutoRun
O33 - MountPoints2\{73332626-8b00-11da-86ab-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{73332626-8b00-11da-86ab-001d72199a77}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{7765d42b-4536-11de-864b-001d72199a77}\Shell - "" = AutoRun
O33 - MountPoints2\{7765d42b-4536-11de-864b-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7765d42b-4536-11de-864b-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8a7d6c6e-8129-11da-8662-001d72199a77}\Shell - "" = AutoRun
O33 - MountPoints2\{8a7d6c6e-8129-11da-8662-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a7d6c6e-8129-11da-8662-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8f3728a3-3599-11de-8626-001d72199a77}\Shell\AutoRun\command - "" = bar311.exe %1
O33 - MountPoints2\{8f3728a3-3599-11de-8626-001d72199a77}\Shell\Explore\command - "" = bar311.exe %1
O33 - MountPoints2\{8f3728a3-3599-11de-8626-001d72199a77}\Shell\Open\command - "" = bar311.exe %1
O33 - MountPoints2\{92b93852-fde2-11dd-a662-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{92b93852-fde2-11dd-a662-001d72199a77}\Shell\Explore\command - "" = F:\system.exe -- File not found
O33 - MountPoints2\{92b93852-fde2-11dd-a662-001d72199a77}\Shell\Open\command - "" = F:\system.exe -- File not found
O33 - MountPoints2\{9cfafe76-39f7-11de-8632-001d72199a77}\Shell - "" = AutoRun
O33 - MountPoints2\{9cfafe76-39f7-11de-8632-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9cfafe76-39f7-11de-8632-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{9cfafe79-39f7-11de-8632-001d72199a77}\Shell - "" = AutoRun
O33 - MountPoints2\{9cfafe79-39f7-11de-8632-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9cfafe79-39f7-11de-8632-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{a1314826-f3b9-11dd-a644-001d72199a77}\Shell\AutoRun\command - "" = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe
O33 - MountPoints2\{a1314826-f3b9-11dd-a644-001d72199a77}\Shell\open\command - "" = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe
O33 - MountPoints2\{ac3bd1d8-bd76-11dd-a5c7-001d72199a77}\Shell\AutoRun\command - "" = PCTeam Rulez.exe
O33 - MountPoints2\{c4062700-a204-11de-86e8-001d72199a77}\Shell\AutoRun\command - "" = ph.exe
O33 - MountPoints2\{c4062700-a204-11de-86e8-001d72199a77}\Shell\open\Command - "" = ph.exe
O33 - MountPoints2\{cbd3135e-9b24-11dd-a584-001d72199a77}\Shell - "" = AutoRun
O33 - MountPoints2\{cbd3135e-9b24-11dd-a584-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cfe5b4fe-813a-11da-867a-001d72199a77}\Shell - "" = AutoRun
O33 - MountPoints2\{cfe5b4fe-813a-11da-867a-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cfe5b4fe-813a-11da-867a-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{cfe5b501-813a-11da-867a-001d72199a77}\Shell - "" = AutoRun
O33 - MountPoints2\{cfe5b501-813a-11da-867a-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cfe5b501-813a-11da-867a-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{d1968658-83b8-11da-8685-001d72199a77}\Shell - "" = AutoRun
O33 - MountPoints2\{d1968658-83b8-11da-8685-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d1968658-83b8-11da-8685-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e1bda7fe-7623-11dd-a51e-001d72199a77}\Shell - "" = AutoRun
O33 - MountPoints2\{e1bda7fe-7623-11dd-a51e-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2bfb612-8d4e-11da-8694-0017c4162f1e}\Shell\AutoRun\command - "" = wscript.exe solution.vbs
O33 - MountPoints2\{e2bfb612-8d4e-11da-8694-0017c4162f1e}\Shell\Open\Command - "" = wscript.exe solution.vbs
O33 - MountPoints2\{e2bfb613-8d4e-11da-8694-a0e8c46def13}\Shell - "" = AutoRun
O33 - MountPoints2\{e2bfb613-8d4e-11da-8694-a0e8c46def13}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2bfb613-8d4e-11da-8694-a0e8c46def13}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e2bfb614-8d4e-11da-8694-a0e8c46def13}\Shell - "" = AutoRun
O33 - MountPoints2\{e2bfb614-8d4e-11da-8694-a0e8c46def13}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2bfb614-8d4e-11da-8694-a0e8c46def13}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e2bfb615-8d4e-11da-8694-a0e8c46def13}\Shell - "" = AutoRun
O33 - MountPoints2\{e2bfb615-8d4e-11da-8694-a0e8c46def13}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2bfb615-8d4e-11da-8694-a0e8c46def13}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e2bfb61a-8d4e-11da-8694-a0e8c46def13}\Shell - "" = AutoRun
O33 - MountPoints2\{e2bfb61a-8d4e-11da-8694-a0e8c46def13}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2bfb61a-8d4e-11da-8694-a0e8c46def13}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e4562ae8-8384-11da-86a3-001d72199a77}\Shell - "" = AutoRun
O33 - MountPoints2\{e4562ae8-8384-11da-86a3-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e4562ae8-8384-11da-86a3-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e4562ae9-8384-11da-86a3-001d72199a77}\Shell - "" = AutoRun
O33 - MountPoints2\{e4562ae9-8384-11da-86a3-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e4562ae9-8384-11da-86a3-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e4562aea-8384-11da-86a3-001d72199a77}\Shell - "" = AutoRun
O33 - MountPoints2\{e4562aea-8384-11da-86a3-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e4562aea-8384-11da-86a3-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e4562aeb-8384-11da-86a3-001d72199a77}\Shell - "" = AutoRun
O33 - MountPoints2\{e4562aeb-8384-11da-86a3-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e4562aeb-8384-11da-86a3-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e4562aee-8384-11da-86a3-001d72199a77}\Shell - "" = AutoRun
O33 - MountPoints2\{e4562aee-8384-11da-86a3-001d72199a77}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e4562aee-8384-11da-86a3-001d72199a77}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{e95bb18c-8922-11de-86bc-001d72199a77}\Shell\AutoRun\command - "" = wscript.exe solution.vbs
O33 - MountPoints2\{e95bb18c-8922-11de-86bc-001d72199a77}\Shell\Open\Command - "" = wscript.exe solution.vbs
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/05/31 21:30:57 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891947461378048)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/01 02:05:46 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/01 02:05:44 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/01 02:05:44 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/28 14:10:14 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/28 13:53:37 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\admin nahera\Recent
[2009/11/28 13:46:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/11/28 13:46:12 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/11/28 13:27:10 | 00,000,000 | ---D | C] -- C:\Program Files\MS-Errors
[2009/11/28 13:19:22 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/11/28 13:18:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/11/28 13:18:14 | 00,000,000 | ---D | C] -- C:\Program Files\PC-Kitchen
[2009/11/28 00:22:44 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/11/28 00:22:44 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/11/28 00:22:43 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/11/28 00:22:41 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/11/28 00:22:41 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/11/28 00:22:41 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/11/28 00:22:41 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/11/28 00:22:41 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/11/28 00:22:21 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/11/27 07:14:02 | 00,126,976 | ---- | C] ( ) -- C:\Documents and Settings\admin nahera\Interop.SHDocVw.dll
[2009/11/20 10:44:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/11/20 08:24:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin nahera\Desktop\Bry
[2009/02/23 11:14:36 | 00,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2009/02/23 11:14:36 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[2004/11/25 03:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/01 02:05:49 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/01 01:43:00 | 00,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1292428093-725345543-1003UA.job
[2009/11/30 23:38:35 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/11/30 21:43:00 | 00,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1292428093-725345543-1003Core.job
[2009/11/30 14:22:27 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/30 14:22:27 | 00,392,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/30 14:22:27 | 00,058,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/30 14:20:25 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\admin nahera\񀿉
[2009/11/30 14:18:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/30 14:18:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/30 13:14:53 | 09,175,040 | ---- | M] () -- C:\Documents and Settings\admin nahera\NTUSER.DAT
[2009/11/30 13:14:53 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\admin nahera\ntuser.ini
[2009/11/30 13:14:44 | 04,808,930 | -H-- | M] () -- C:\Documents and Settings\admin nahera\Local Settings\Application Data\IconCache.db
[2009/11/29 17:50:40 | 00,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2009/11/29 14:25:32 | 00,000,041 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/11/28 14:10:15 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\admin nahera\Desktop\HijackThis.lnk
[2009/11/28 13:51:20 | 00,355,604 | ---- | M] () -- d:\Documents and Settings\admin nahera\My Documents\cc_20091128_135058.reg
[2009/11/28 13:46:13 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\admin nahera\Desktop\CCleaner.lnk
[2009/11/28 13:31:34 | 00,000,746 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ErrorFixer.lnk
[2009/11/28 13:28:56 | 00,000,324 | ---- | M] () -- C:\WINDOWS\tasks\ErrorFixer.job
[2009/11/28 13:23:01 | 00,000,374 | ---- | M] () -- C:\WINDOWS\tasks\RegistryCleaner.job
[2009/11/28 09:47:30 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/28 01:23:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/28 00:22:44 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/11/28 00:22:41 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/11/27 07:14:01 | 00,113,893 | -HS- | M] () -- C:\cbdll.exe
[2009/11/27 07:13:58 | 00,009,728 | -HS- | M] () -- C:\allwin.exe
[2009/11/27 07:13:56 | 00,327,680 | -HS- | M] () -- C:\game.exe
[2009/11/27 07:13:56 | 00,163,840 | ---- | M] () -- C:\WINDOWS\System32\redirs.exe
[2009/11/27 07:13:56 | 00,000,010 | ---- | M] () -- C:\WINDOWS\System32\db
[2009/11/25 07:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/11/25 07:51:09 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/11/25 07:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/11/25 07:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/11/25 07:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/11/25 07:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/11/25 07:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/11/25 07:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/11/25 07:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/11/20 10:29:50 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\admin nahera\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/20 06:53:16 | 00,069,232 | ---- | M] () -- C:\Documents and Settings\admin nahera\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/01 02:05:49 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 14:10:15 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\admin nahera\Desktop\HijackThis.lnk
[2009/11/28 13:51:03 | 00,355,604 | ---- | C] () -- d:\Documents and Settings\admin nahera\My Documents\cc_20091128_135058.reg
[2009/11/28 13:46:13 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\admin nahera\Desktop\CCleaner.lnk
[2009/11/28 13:28:56 | 00,000,324 | ---- | C] () -- C:\WINDOWS\tasks\ErrorFixer.job
[2009/11/28 13:27:10 | 00,000,746 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ErrorFixer.lnk
[2009/11/28 13:23:01 | 00,000,374 | ---- | C] () -- C:\WINDOWS\tasks\RegistryCleaner.job
[2009/11/28 00:22:44 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/11/27 07:14:02 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\admin nahera\WindowsApplication2.pdb
[2009/11/27 07:14:02 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\admin nahera\WindowsApplication2.exe
[2009/11/27 07:13:59 | 00,113,893 | -HS- | C] () -- C:\cbdll.exe
[2009/11/27 07:13:57 | 00,009,728 | -HS- | C] () -- C:\allwin.exe
[2009/11/27 07:13:56 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\redirs.exe
[2009/11/27 07:13:56 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\db
[2009/11/27 07:13:51 | 00,327,680 | -HS- | C] () -- C:\game.exe
[2009/10/04 10:23:17 | 00,791,742 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/04 10:23:17 | 00,683,520 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/10/04 10:23:17 | 00,238,080 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/10/04 10:23:17 | 00,145,609 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/10/04 10:23:16 | 00,485,888 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/10/04 10:23:16 | 00,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/10/04 10:23:16 | 00,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/10/04 10:23:16 | 00,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/10/04 10:23:16 | 00,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/10/04 10:23:16 | 00,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/10/04 10:23:16 | 00,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/09/06 12:28:18 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/04/11 23:00:42 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/03/17 03:50:48 | 00,000,104 | ---- | C] () -- C:\Program Files\My Network Places.lnk
[2009/02/23 11:16:12 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/02/06 02:20:02 | 00,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/01/26 13:50:41 | 00,000,170 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/25 06:33:56 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/01/25 06:31:57 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/10/31 10:22:44 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\admin nahera\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/16 09:52:01 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/08/04 02:19:51 | 00,002,448 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/06/02 19:39:37 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/31 22:26:43 | 00,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2008/05/31 22:26:37 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2008/05/31 22:21:30 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/31 22:20:36 | 00,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/05/31 21:58:20 | 00,910,464 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/05/31 21:58:20 | 00,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007/12/24 19:47:52 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/12/24 19:40:26 | 00,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/12/23 04:02:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/12/23 03:27:22 | 04,372,922 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/12/03 22:34:32 | 00,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/12/01 19:43:30 | 00,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/11/29 18:52:36 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/01/25 02:08:29 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/01/16 13:37:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSPublisher_Quark Converter.INI
[2005/08/13 05:57:09 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/28 02:38:00 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/28 02:37:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/10/04 01:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003/01/08 06:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/02/02 18:29:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\Any Video Converter
[2009/11/29 17:50:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\BitTorrent
[2009/04/27 09:40:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\FrimaStudio
[2006/01/13 06:03:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\Image Zone Express
[2009/11/15 02:51:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\MysteryStudio
[2009/04/11 23:35:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\NCH Swift Sound
[2009/03/09 13:38:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\Opera
[2009/01/25 06:43:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\Samsung
[2009/05/02 22:08:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\Thinstall
[2008/05/31 21:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\TMP
[2009/09/09 07:00:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\uTorrent
[2008/05/31 22:22:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\Webshots
[2009/08/31 09:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4p-r9-67-55-p3-26
[2009/09/06 12:59:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\94-9o-46-2p-3p-r9
[2008/05/31 21:41:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broadcom
[2008/08/31 14:08:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/03/02 13:03:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/04/11 23:33:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/10/11 08:30:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/11/28 00:27:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/04 19:46:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/07 02:09:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/28 13:28:56 | 00,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\ErrorFixer.job
[2009/11/28 13:23:01 | 00,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryCleaner.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/11/27 07:13:58 | 00,009,728 | -HS- | M] () -- C:\allwin.exe
[2009/11/27 07:14:01 | 00,113,893 | -HS- | M] () -- C:\cbdll.exe
[2009/11/27 07:13:56 | 00,327,680 | -HS- | M] () -- C:\game.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2008/04/14 08:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2004/08/04 07:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2004/08/04 07:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2008/04/14 08:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2004/08/04 07:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2004/08/04 07:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/04 07:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll
[2008/04/14 08:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2009/02/07 02:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2009/02/07 02:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2008/04/14 02:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/04 13:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 13:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/04 13:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/14 02:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D303E10
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EDA76B4
< End of report >




Thank you so much for helping. I really appreciate this. :D

#4 janinaji

Posted 30 November 2009 - 01:38 PM

Oh another thing... I don't know if this is still needed but this is also from the OTL:

OTL Extras logfile created on: 12/1/2009 2:21:11 AM - Run 1
OTL by OldTimer - Version 3.1.11.3 Folder = d:\Documents and Settings\admin nahera\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 365.10 Mb Available Physical Memory | 35.99% Memory free
1.87 Gb Paging File | 0.94 Gb Available in Paging File | 50.21% Paging File free
Paging file location(s): C:\pagefile.sys 1000 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 14.34 Gb Free Space | 41.96% Space Free | Partition Type: NTFS
Drive D: | 40.35 Gb Total Space | 17.84 Gb Free Space | 44.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 372.52 Gb Total Space | 64.85 Gb Free Space | 17.41% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: ADMIN_NAGERA
Current User Name: admin nahera
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1214440339-1292428093-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8000:UDP" = 8000:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8001:UDP" = 8001:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8002:UDP" = 8002:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"8003:UDP" = 8003:UDP:*:Enabled:Express Talk RTP Incoming Audio (UDP)
"85:TCP" = 85:TCP:*:Enabled:BroadWave Web Server
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"E:\Installation\Setupx.exe" = E:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"D:\music\New Folder\CoolPool\CoolPool.exe" = D:\music\New Folder\CoolPool\CoolPool.exe:*:Disabled:Cool Pool. -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"F:\Counter Strike 1.6 Reloaded\hl.exe" = F:\Counter Strike 1.6 Reloaded\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\NCH Swift Sound\Talk\talk.exe" = C:\Program Files\NCH Swift Sound\Talk\talk.exe:*:Disabled:Express Talk -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"D:\music\New Folder\Counter-Strike 1.6\czero.exe" = D:\music\New Folder\Counter-Strike 1.6\czero.exe:*:Enabled:Condition Zero Launcher -- File not found
"D:\music\New Folder\Counter-Strike 1.6\Counter-Strike 1.6\czero.exe" = D:\music\New Folder\Counter-Strike 1.6\Counter-Strike 1.6\czero.exe:*:Enabled:Condition Zero Launcher -- File not found
"D:\music\New Folder\Counter-Strike 1.6\hl.exe" = D:\music\New Folder\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.2.0.208_Foxconn Installation Program
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{35095169-C59A-4571-A361-2117E04B7AFD}" = DJ_SF_03_D2500_ProductContext
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{55EC0C7C-6156-46BC-B1E5-6DCB17959CDE}}_is1" = MS-Errors ErrorFixer 3.2.9
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{59C6EFB0-7A6F-4FC2-98C5-31A9DB93014A}" = DJ_SF_03_D2500_Software
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7236B969-6A18-42DD-ADE4-BBA2604F34C8}" = DJ_SF_03_D2500_Software_Min
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7CB9546E-BF2C-47DE-9DB4-C4364FBE57EC}" = Broadcom Wireless LAN Driver 4.100.15.7_Negative_Foxconn
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85FAB946-C828-46CC-97E1-53BB63D42D57}" = Samsung PC Studio 3
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.102.15.64_Foxconn Installation Program
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D10AB8DE-0ED1-4152-A247-FB89CF1435D5}" = HP Deskjet D2500 Printer Driver Software 11.0 Rel .3
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{EAB54EB0-0406-4A2E-9C03-AED2C68EA3B4}" = Sherlock Holmes
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F25CE1FF-5C3C-448C-BDB7-F05F7120C00C}" = Black and White English Audio/Text patch
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AskTBar Uninstall" = Ask Toolbar
"Audio MP3 Sound Recorder" = Audio MP3 Sound Recorder
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative Mass Storage Drivers" = Creative Mass Storage Drivers
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"LManager" = Launch Manager
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Murder, She Wrote 1.00" = Murder, She Wrote 1.00
"MuVo Driver" = Creative Mass Storage Drivers
"Player CEREMU Suite" = Player CEREMU Suite
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shop for HP Supplies" = Shop for HP Supplies
"Sun Broadband Wireless" = Sun Broadband Wireless
"SysInfo" = Creative System Information
"USB Disk Security_is1" = USB Disk Security 5.1.0.15
"Webshots Desktop" = Webshots Desktop
"Winamp" = Winamp (remove only)
"WinRAR archiver" = WinRAR archiver
"XP Codec Pack" = XP Codec Pack
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1214440339-1292428093-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Google Chrome" = Google Chrome
"QUICKMEDIACONVERTER" = Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 8/27/2009 10:41:25 AM | Computer Name = ADMIN_NAGERA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Autorun.inf failed, 00000005.

Error - 8/27/2009 10:41:46 AM | Computer Name = ADMIN_NAGERA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Autorun.inf failed, 00000005.

Error - 8/27/2009 10:41:56 AM | Computer Name = ADMIN_NAGERA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Autorun.inf failed, 00000005.

Error - 8/27/2009 10:42:24 AM | Computer Name = ADMIN_NAGERA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Autorun.inf failed, 00000005.

Error - 8/27/2009 10:42:27 AM | Computer Name = ADMIN_NAGERA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Autorun.inf failed, 00000005.

Error - 8/27/2009 10:43:26 AM | Computer Name = ADMIN_NAGERA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Autorun.inf failed, 00000005.

Error - 8/27/2009 10:43:26 AM | Computer Name = ADMIN_NAGERA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Autorun.inf failed, 00000005.

Error - 8/27/2009 10:43:36 AM | Computer Name = ADMIN_NAGERA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Autorun.inf failed, 00000005.

Error - 8/27/2009 10:44:21 AM | Computer Name = ADMIN_NAGERA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Autorun.inf failed, 00000005.

Error - 8/27/2009 10:44:21 AM | Computer Name = ADMIN_NAGERA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\Autorun.inf failed, 00000005.

[ Application Events ]
Error - 11/24/2009 8:43:06 PM | Computer Name = ADMIN_NAGERA | Source = Google Update | ID = 20
Description =

Error - 11/24/2009 9:43:07 PM | Computer Name = ADMIN_NAGERA | Source = Google Update | ID = 20
Description =

Error - 11/25/2009 10:08:42 AM | Computer Name = ADMIN_NAGERA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 11/27/2009 1:31:15 PM | Computer Name = ADMIN_NAGERA | Source = Application Error | ID = 1000
Description = Faulting application cleantool.exe, version 5.0.0.10, faulting module
cleantool.exe, version 5.0.0.10, fault address 0x000e3731.

Error - 11/28/2009 1:28:58 AM | Computer Name = ADMIN_NAGERA | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 errorfixer.exe, P2 3.2.9.1, P3 49918698, P4
errorfixer, P5 3.2.9.1, P6 49918698, P7 10a, P8 105, P9 system.invalidcastexception,
P10 NIL.

Error - 11/28/2009 1:31:42 AM | Computer Name = ADMIN_NAGERA | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 errorfixer.exe, P2 3.2.9.1, P3 49918698, P4
errorfixer, P5 3.2.9.1, P6 49918698, P7 10a, P8 105, P9 system.invalidcastexception,
P10 NIL.

Error - 11/28/2009 1:32:06 AM | Computer Name = ADMIN_NAGERA | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 errorfixer.exe, P2 3.2.9.1, P3 49918698, P4
errorfixer, P5 3.2.9.1, P6 49918698, P7 10a, P8 105, P9 system.invalidcastexception,
P10 NIL.

Error - 11/28/2009 1:37:27 AM | Computer Name = ADMIN_NAGERA | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 errorfixer.exe, P2 3.2.9.1, P3 49918698, P4
errorfixer, P5 3.2.9.1, P6 49918698, P7 10a, P8 105, P9 system.invalidcastexception,
P10 NIL.

Error - 11/28/2009 1:56:05 AM | Computer Name = ADMIN_NAGERA | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 errorfixer.exe, P2 3.2.9.1, P3 49918698, P4
errorfixer, P5 3.2.9.1, P6 49918698, P7 10a, P8 105, P9 system.invalidcastexception,
P10 NIL.

Error - 11/30/2009 5:06:50 AM | Computer Name = ADMIN_NAGERA | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 errorfixer.exe, P2 3.2.9.1, P3 49918698, P4
errorfixer, P5 3.2.9.1, P6 49918698, P7 10a, P8 105, P9 system.invalidcastexception,
P10 NIL.

[ OSession Events ]
Error - 10/15/2008 8:52:06 AM | Computer Name = ADMIN_NAHERA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1717
seconds with 840 seconds of active time. This session ended with a crash.

Error - 10/26/2008 4:47:06 PM | Computer Name = ADMIN_NAHERA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2907
seconds with 2280 seconds of active time. This session ended with a crash.

Error - 1/7/2009 3:13:01 AM | Computer Name = ADMIN_NAHERA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3914
seconds with 3060 seconds of active time. This session ended with a crash.

Error - 1/29/2006 9:02:49 PM | Computer Name = ADMIN_NAGERA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 1675 seconds with 1500 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 11/29/2009 12:09:06 AM | Computer Name = ADMIN_NAGERA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 11/29/2009 1:33:25 AM | Computer Name = ADMIN_NAGERA | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 11/29/2009 1:34:43 AM | Computer Name = ADMIN_NAGERA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 11/29/2009 6:23:17 AM | Computer Name = ADMIN_NAGERA | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 11/29/2009 6:24:37 AM | Computer Name = ADMIN_NAGERA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 11/29/2009 9:35:46 PM | Computer Name = ADMIN_NAGERA | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 11/29/2009 9:37:06 PM | Computer Name = ADMIN_NAGERA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 11/30/2009 2:18:27 AM | Computer Name = ADMIN_NAGERA | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 11/30/2009 2:19:47 AM | Computer Name = ADMIN_NAGERA | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 11/30/2009 11:21:29 AM | Computer Name = ADMIN_NAGERA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}


< End of report >

#5 Buckeye_Sam


Posted 30 November 2009 - 06:05 PM

Yes, that's everything I needed to see.


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [redirs.exe] C:\WINDOWS\system32\redirs.exe ()
    O4 - HKLM..\Run: [restrictanonymous] Reg Error: Invalid data type. File not found
    O4 - HKLM..\Run: [restrictanonymoussam] Reg Error: Invalid data type. File not found
    O4 - HKLM..\RunServices: [Light Drv ] C:\DOCUME~1\ADMINN~1\LOCALS~1\Temp\hklhost.exe File not found
    O33 - MountPoints2\{05fd81fd-17dc-11de-85c7-001d72199a77}\Shell\AutoRun\command - "" = wscript.exe sowar.vbs
    O33 - MountPoints2\{05fd81fd-17dc-11de-85c7-001d72199a77}\Shell\Open\Command - "" = wscript.exe sowar.vbs
    O33 - MountPoints2\{1a28d244-83c4-11da-8668-001d72199a77}\Shell\auto\command - "" = H:\Scrap
    O33 - MountPoints2\{1a28d244-83c4-11da-8668-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1a28d244-83c4-11da-8668-001d72199a77}\Shell\explore\command - "" = H:\Scrap
    O33 - MountPoints2\{1a28d244-83c4-11da-8668-001d72199a77}\Shell\open\command - "" = H:\Scrap
    O33 - MountPoints2\{1e80852c-18c1-11de-85ca-001d72199a77}\Shell\auto\command - "" = Scrap
    O33 - MountPoints2\{1e80852c-18c1-11de-85ca-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1e80852c-18c1-11de-85ca-001d72199a77}\Shell\explore\command - "" = Scrap
    O33 - MountPoints2\{1e80852c-18c1-11de-85ca-001d72199a77}\Shell\open\command - "" = Scrap
    O33 - MountPoints2\{2f6ced97-394e-11de-862f-001d72199a77}\Shell\AutoRun\command - "" = wscript.exe sowar.vbs
    O33 - MountPoints2\{2f6ced97-394e-11de-862f-001d72199a77}\Shell\Open\Command - "" = wscript.exe sowar.vbs
    O33 - MountPoints2\{3261bc26-2ed8-11dd-8702-806d6172696f}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2004/08/04 00:56:58 | 00,028,672 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{55ae33f8-812c-11da-8679-001d72199a77}\Shell - "" = AutoRun
    O33 - MountPoints2\{55ae33f8-812c-11da-8679-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{55ae33f8-812c-11da-8679-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{587f4b12-8a01-11de-86be-001d72199a77}\Shell - "" = AutoRun
    O33 - MountPoints2\{587f4b12-8a01-11de-86be-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{587f4b12-8a01-11de-86be-001d72199a77}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
    O33 - MountPoints2\{5c7d845a-0846-11de-85a1-a11ac2241b8d}\Shell\AutoRun\command - "" = RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe
    O33 - MountPoints2\{5c7d845a-0846-11de-85a1-a11ac2241b8d}\Shell\open\command - "" = RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe
    O33 - MountPoints2\{73332626-8b00-11da-86ab-001d72199a77}\Shell - "" = AutoRun
    O33 - MountPoints2\{73332626-8b00-11da-86ab-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{73332626-8b00-11da-86ab-001d72199a77}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
    O33 - MountPoints2\{7765d42b-4536-11de-864b-001d72199a77}\Shell - "" = AutoRun
    O33 - MountPoints2\{7765d42b-4536-11de-864b-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7765d42b-4536-11de-864b-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{8a7d6c6e-8129-11da-8662-001d72199a77}\Shell - "" = AutoRun
    O33 - MountPoints2\{8a7d6c6e-8129-11da-8662-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8a7d6c6e-8129-11da-8662-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{8f3728a3-3599-11de-8626-001d72199a77}\Shell\AutoRun\command - "" = bar311.exe %1
    O33 - MountPoints2\{8f3728a3-3599-11de-8626-001d72199a77}\Shell\Explore\command - "" = bar311.exe %1
    O33 - MountPoints2\{8f3728a3-3599-11de-8626-001d72199a77}\Shell\Open\command - "" = bar311.exe %1
    O33 - MountPoints2\{92b93852-fde2-11dd-a662-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{92b93852-fde2-11dd-a662-001d72199a77}\Shell\Explore\command - "" = F:\system.exe -- File not found
    O33 - MountPoints2\{92b93852-fde2-11dd-a662-001d72199a77}\Shell\Open\command - "" = F:\system.exe -- File not found
    O33 - MountPoints2\{9cfafe76-39f7-11de-8632-001d72199a77}\Shell - "" = AutoRun
    O33 - MountPoints2\{9cfafe76-39f7-11de-8632-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9cfafe76-39f7-11de-8632-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{9cfafe79-39f7-11de-8632-001d72199a77}\Shell - "" = AutoRun
    O33 - MountPoints2\{9cfafe79-39f7-11de-8632-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9cfafe79-39f7-11de-8632-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{a1314826-f3b9-11dd-a644-001d72199a77}\Shell\AutoRun\command - "" = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe
    O33 - MountPoints2\{a1314826-f3b9-11dd-a644-001d72199a77}\Shell\open\command - "" = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe
    O33 - MountPoints2\{ac3bd1d8-bd76-11dd-a5c7-001d72199a77}\Shell\AutoRun\command - "" = PCTeam Rulez.exe
    O33 - MountPoints2\{c4062700-a204-11de-86e8-001d72199a77}\Shell\AutoRun\command - "" = ph.exe
    O33 - MountPoints2\{c4062700-a204-11de-86e8-001d72199a77}\Shell\open\Command - "" = ph.exe
    O33 - MountPoints2\{cbd3135e-9b24-11dd-a584-001d72199a77}\Shell - "" = AutoRun
    O33 - MountPoints2\{cbd3135e-9b24-11dd-a584-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cfe5b4fe-813a-11da-867a-001d72199a77}\Shell - "" = AutoRun
    O33 - MountPoints2\{cfe5b4fe-813a-11da-867a-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cfe5b4fe-813a-11da-867a-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{cfe5b501-813a-11da-867a-001d72199a77}\Shell - "" = AutoRun
    O33 - MountPoints2\{cfe5b501-813a-11da-867a-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cfe5b501-813a-11da-867a-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{d1968658-83b8-11da-8685-001d72199a77}\Shell - "" = AutoRun
    O33 - MountPoints2\{d1968658-83b8-11da-8685-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d1968658-83b8-11da-8685-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e1bda7fe-7623-11dd-a51e-001d72199a77}\Shell - "" = AutoRun
    O33 - MountPoints2\{e1bda7fe-7623-11dd-a51e-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e2bfb612-8d4e-11da-8694-0017c4162f1e}\Shell\AutoRun\command - "" = wscript.exe solution.vbs
    O33 - MountPoints2\{e2bfb612-8d4e-11da-8694-0017c4162f1e}\Shell\Open\Command - "" = wscript.exe solution.vbs
    O33 - MountPoints2\{e2bfb613-8d4e-11da-8694-a0e8c46def13}\Shell - "" = AutoRun
    O33 - MountPoints2\{e2bfb613-8d4e-11da-8694-a0e8c46def13}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e2bfb613-8d4e-11da-8694-a0e8c46def13}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e2bfb614-8d4e-11da-8694-a0e8c46def13}\Shell - "" = AutoRun
    O33 - MountPoints2\{e2bfb614-8d4e-11da-8694-a0e8c46def13}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e2bfb614-8d4e-11da-8694-a0e8c46def13}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e2bfb615-8d4e-11da-8694-a0e8c46def13}\Shell - "" = AutoRun
    O33 - MountPoints2\{e2bfb615-8d4e-11da-8694-a0e8c46def13}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e2bfb615-8d4e-11da-8694-a0e8c46def13}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e2bfb61a-8d4e-11da-8694-a0e8c46def13}\Shell - "" = AutoRun
    O33 - MountPoints2\{e2bfb61a-8d4e-11da-8694-a0e8c46def13}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e2bfb61a-8d4e-11da-8694-a0e8c46def13}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e4562ae8-8384-11da-86a3-001d72199a77}\Shell - "" = AutoRun
    O33 - MountPoints2\{e4562ae8-8384-11da-86a3-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e4562ae8-8384-11da-86a3-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e4562ae9-8384-11da-86a3-001d72199a77}\Shell - "" = AutoRun
    O33 - MountPoints2\{e4562ae9-8384-11da-86a3-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e4562ae9-8384-11da-86a3-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e4562aea-8384-11da-86a3-001d72199a77}\Shell - "" = AutoRun
    O33 - MountPoints2\{e4562aea-8384-11da-86a3-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e4562aea-8384-11da-86a3-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e4562aeb-8384-11da-86a3-001d72199a77}\Shell - "" = AutoRun
    O33 - MountPoints2\{e4562aeb-8384-11da-86a3-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e4562aeb-8384-11da-86a3-001d72199a77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e4562aee-8384-11da-86a3-001d72199a77}\Shell - "" = AutoRun
    O33 - MountPoints2\{e4562aee-8384-11da-86a3-001d72199a77}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e4562aee-8384-11da-86a3-001d72199a77}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e95bb18c-8922-11de-86bc-001d72199a77}\Shell\AutoRun\command - "" = wscript.exe solution.vbs
    O33 - MountPoints2\{e95bb18c-8922-11de-86bc-001d72199a77}\Shell\Open\Command - "" = wscript.exe solution.vbs
    [2009/11/27 07:14:01 | 00,113,893 | -HS- | M] () -- C:\cbdll.exe
    [2009/11/27 07:13:58 | 00,009,728 | -HS- | M] () -- C:\allwin.exe
    [2009/11/27 07:13:56 | 00,327,680 | -HS- | M] () -- C:\game.exe
    [2009/11/27 07:13:56 | 00,163,840 | ---- | M] () -- C:\WINDOWS\System32\redirs.exe
    [2009/11/27 07:13:56 | 00,000,010 | ---- | M] () -- C:\WINDOWS\System32\db
    
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

====================


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



========================================================

#6 janinaji


Posted 01 December 2009 - 10:11 AM

Okay, I'm not sure if I followed all your instructions well but here is the OTL log after the reboot:

All processes killed
Error: Unable to interpret <CODE> in the current context!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\redirs.exe deleted successfully.
C:\WINDOWS\system32\redirs.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\restrictanonymous deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\restrictanonymoussam deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\Light Drv not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05fd81fd-17dc-11de-85c7-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05fd81fd-17dc-11de-85c7-001d72199a77}\ not found.
File wscript.exe sowar.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05fd81fd-17dc-11de-85c7-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05fd81fd-17dc-11de-85c7-001d72199a77}\ not found.
File wscript.exe sowar.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a28d244-83c4-11da-8668-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a28d244-83c4-11da-8668-001d72199a77}\ not found.
File H:\Scrap not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a28d244-83c4-11da-8668-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a28d244-83c4-11da-8668-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a28d244-83c4-11da-8668-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a28d244-83c4-11da-8668-001d72199a77}\ not found.
File H:\Scrap not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a28d244-83c4-11da-8668-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a28d244-83c4-11da-8668-001d72199a77}\ not found.
File H:\Scrap not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e80852c-18c1-11de-85ca-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e80852c-18c1-11de-85ca-001d72199a77}\ not found.
File Scrap not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e80852c-18c1-11de-85ca-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e80852c-18c1-11de-85ca-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e80852c-18c1-11de-85ca-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e80852c-18c1-11de-85ca-001d72199a77}\ not found.
File Scrap not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e80852c-18c1-11de-85ca-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e80852c-18c1-11de-85ca-001d72199a77}\ not found.
File Scrap not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f6ced97-394e-11de-862f-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f6ced97-394e-11de-862f-001d72199a77}\ not found.
File wscript.exe sowar.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f6ced97-394e-11de-862f-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f6ced97-394e-11de-862f-001d72199a77}\ not found.
File wscript.exe sowar.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3261bc26-2ed8-11dd-8702-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3261bc26-2ed8-11dd-8702-806d6172696f}\ not found.
D:\setupSNK.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55ae33f8-812c-11da-8679-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55ae33f8-812c-11da-8679-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55ae33f8-812c-11da-8679-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55ae33f8-812c-11da-8679-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55ae33f8-812c-11da-8679-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55ae33f8-812c-11da-8679-001d72199a77}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{587f4b12-8a01-11de-86be-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{587f4b12-8a01-11de-86be-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{587f4b12-8a01-11de-86be-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{587f4b12-8a01-11de-86be-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{587f4b12-8a01-11de-86be-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{587f4b12-8a01-11de-86be-001d72199a77}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c7d845a-0846-11de-85a1-a11ac2241b8d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c7d845a-0846-11de-85a1-a11ac2241b8d}\ not found.
File C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c7d845a-0846-11de-85a1-a11ac2241b8d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c7d845a-0846-11de-85a1-a11ac2241b8d}\ not found.
File C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73332626-8b00-11da-86ab-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73332626-8b00-11da-86ab-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73332626-8b00-11da-86ab-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73332626-8b00-11da-86ab-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73332626-8b00-11da-86ab-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73332626-8b00-11da-86ab-001d72199a77}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7765d42b-4536-11de-864b-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7765d42b-4536-11de-864b-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7765d42b-4536-11de-864b-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7765d42b-4536-11de-864b-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7765d42b-4536-11de-864b-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7765d42b-4536-11de-864b-001d72199a77}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a7d6c6e-8129-11da-8662-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a7d6c6e-8129-11da-8662-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a7d6c6e-8129-11da-8662-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a7d6c6e-8129-11da-8662-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a7d6c6e-8129-11da-8662-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a7d6c6e-8129-11da-8662-001d72199a77}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f3728a3-3599-11de-8626-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f3728a3-3599-11de-8626-001d72199a77}\ not found.
File bar311.exe %1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f3728a3-3599-11de-8626-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f3728a3-3599-11de-8626-001d72199a77}\ not found.
File bar311.exe %1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f3728a3-3599-11de-8626-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f3728a3-3599-11de-8626-001d72199a77}\ not found.
File bar311.exe %1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92b93852-fde2-11dd-a662-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92b93852-fde2-11dd-a662-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92b93852-fde2-11dd-a662-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92b93852-fde2-11dd-a662-001d72199a77}\ not found.
File F:\system.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92b93852-fde2-11dd-a662-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92b93852-fde2-11dd-a662-001d72199a77}\ not found.
File F:\system.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cfafe76-39f7-11de-8632-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9cfafe76-39f7-11de-8632-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cfafe76-39f7-11de-8632-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9cfafe76-39f7-11de-8632-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cfafe76-39f7-11de-8632-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9cfafe76-39f7-11de-8632-001d72199a77}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cfafe79-39f7-11de-8632-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9cfafe79-39f7-11de-8632-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cfafe79-39f7-11de-8632-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9cfafe79-39f7-11de-8632-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cfafe79-39f7-11de-8632-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9cfafe79-39f7-11de-8632-001d72199a77}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1314826-f3b9-11dd-a644-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1314826-f3b9-11dd-a644-001d72199a77}\ not found.
File SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1314826-f3b9-11dd-a644-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1314826-f3b9-11dd-a644-001d72199a77}\ not found.
File SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac3bd1d8-bd76-11dd-a5c7-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac3bd1d8-bd76-11dd-a5c7-001d72199a77}\ not found.
File PCTeam Rulez.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4062700-a204-11de-86e8-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4062700-a204-11de-86e8-001d72199a77}\ not found.
File ph.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4062700-a204-11de-86e8-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4062700-a204-11de-86e8-001d72199a77}\ not found.
File ph.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbd3135e-9b24-11dd-a584-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbd3135e-9b24-11dd-a584-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbd3135e-9b24-11dd-a584-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbd3135e-9b24-11dd-a584-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfe5b4fe-813a-11da-867a-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfe5b4fe-813a-11da-867a-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfe5b4fe-813a-11da-867a-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfe5b4fe-813a-11da-867a-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfe5b4fe-813a-11da-867a-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfe5b4fe-813a-11da-867a-001d72199a77}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfe5b501-813a-11da-867a-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfe5b501-813a-11da-867a-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfe5b501-813a-11da-867a-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfe5b501-813a-11da-867a-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfe5b501-813a-11da-867a-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfe5b501-813a-11da-867a-001d72199a77}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1968658-83b8-11da-8685-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1968658-83b8-11da-8685-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1968658-83b8-11da-8685-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1968658-83b8-11da-8685-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1968658-83b8-11da-8685-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1968658-83b8-11da-8685-001d72199a77}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1bda7fe-7623-11dd-a51e-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1bda7fe-7623-11dd-a51e-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1bda7fe-7623-11dd-a51e-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1bda7fe-7623-11dd-a51e-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2bfb612-8d4e-11da-8694-0017c4162f1e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2bfb612-8d4e-11da-8694-0017c4162f1e}\ not found.
File wscript.exe solution.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2bfb612-8d4e-11da-8694-0017c4162f1e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2bfb612-8d4e-11da-8694-0017c4162f1e}\ not found.
File wscript.exe solution.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2bfb613-8d4e-11da-8694-a0e8c46def13}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2bfb613-8d4e-11da-8694-a0e8c46def13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2bfb613-8d4e-11da-8694-a0e8c46def13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2bfb613-8d4e-11da-8694-a0e8c46def13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2bfb613-8d4e-11da-8694-a0e8c46def13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2bfb613-8d4e-11da-8694-a0e8c46def13}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2bfb614-8d4e-11da-8694-a0e8c46def13}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2bfb614-8d4e-11da-8694-a0e8c46def13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2bfb614-8d4e-11da-8694-a0e8c46def13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2bfb614-8d4e-11da-8694-a0e8c46def13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2bfb614-8d4e-11da-8694-a0e8c46def13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2bfb614-8d4e-11da-8694-a0e8c46def13}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2bfb615-8d4e-11da-8694-a0e8c46def13}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2bfb615-8d4e-11da-8694-a0e8c46def13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2bfb615-8d4e-11da-8694-a0e8c46def13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2bfb615-8d4e-11da-8694-a0e8c46def13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2bfb615-8d4e-11da-8694-a0e8c46def13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2bfb615-8d4e-11da-8694-a0e8c46def13}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2bfb61a-8d4e-11da-8694-a0e8c46def13}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2bfb61a-8d4e-11da-8694-a0e8c46def13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2bfb61a-8d4e-11da-8694-a0e8c46def13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2bfb61a-8d4e-11da-8694-a0e8c46def13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2bfb61a-8d4e-11da-8694-a0e8c46def13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2bfb61a-8d4e-11da-8694-a0e8c46def13}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4562ae8-8384-11da-86a3-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4562ae8-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4562ae8-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4562ae8-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4562ae8-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4562ae8-8384-11da-86a3-001d72199a77}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4562ae9-8384-11da-86a3-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4562ae9-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4562ae9-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4562ae9-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4562ae9-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4562ae9-8384-11da-86a3-001d72199a77}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4562aea-8384-11da-86a3-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4562aea-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4562aea-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4562aea-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4562aea-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4562aea-8384-11da-86a3-001d72199a77}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4562aeb-8384-11da-86a3-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4562aeb-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4562aeb-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4562aeb-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4562aeb-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4562aeb-8384-11da-86a3-001d72199a77}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4562aee-8384-11da-86a3-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4562aee-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4562aee-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4562aee-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4562aee-8384-11da-86a3-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4562aee-8384-11da-86a3-001d72199a77}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e95bb18c-8922-11de-86bc-001d72199a77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e95bb18c-8922-11de-86bc-001d72199a77}\ not found.
File wscript.exe solution.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e95bb18c-8922-11de-86bc-001d72199a77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e95bb18c-8922-11de-86bc-001d72199a77}\ not found.
File wscript.exe solution.vbs not found.
C:\cbdll.exe moved successfully.
C:\allwin.exe moved successfully.
C:\game.exe moved successfully.
File C:\WINDOWS\System32\redirs.exe not found.
C:\WINDOWS\system32\db moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin nahera
->Temp folder emptied: 1862732600 bytes
->Temporary Internet Files folder emptied: 84314936 bytes
->FireFox cache emptied: 50595909 bytes
->Google Chrome cache emptied: 205627273 bytes
->Apple Safari cache emptied: 204552360 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2936317 bytes
->FireFox cache emptied: 3103622 bytes
->Google Chrome cache emptied: 6253876 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1264056 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 894947977 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = -931.13 mb


OTL by OldTimer - Version 3.1.11.4 log created on 12012009_214852

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_738.dat not found!

Registry entries deleted on Reboot...

Then I opened OTL again as you told me and clicked Quick Scan. Am I right? Or should I paste something again in the CustomScans/Fixes box and click Run Fix? Anyway, the Quick Scan result was this:

OTL logfile created on: 12/1/2009 10:05:12 PM - Run 2
OTL by OldTimer - Version 3.1.11.4 Folder = d:\Documents and Settings\admin nahera\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 393.99 Mb Available Physical Memory | 38.84% Memory free
1.87 Gb Paging File | 1.25 Gb Available in Paging File | 66.83% Paging File free
Paging file location(s): C:\pagefile.sys 1000 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 17.33 Gb Free Space | 50.70% Space Free | Partition Type: NTFS
Drive D: | 40.35 Gb Total Space | 17.83 Gb Free Space | 44.19% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN_NAGERA
Current User Name: admin nahera
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/01 21:55:44 | 00,535,552 | ---- | M] (OldTimer Tools) -- d:\Documents and Settings\admin nahera\My Documents\Downloads\OTL (1).exe
PRC - [2009/11/25 07:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 07:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 07:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/25 07:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/25 07:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/12 07:11:40 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\admin nahera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/10/12 10:26:48 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/17 03:35:18 | 00,408,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/24 03:58:09 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/09/23 17:21:28 | 00,798,720 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2008/03/26 18:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008/03/26 13:27:58 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/03/26 12:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/03/26 12:49:00 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/03/26 12:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/08/24 08:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/08/24 08:36:30 | 00,455,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2007/07/12 09:52:18 | 00,846,344 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/06/24 15:41:16 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2007/06/24 15:38:36 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/21 04:57:36 | 00,142,104 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2007/04/21 04:57:32 | 00,252,696 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007/04/21 04:57:30 | 00,138,008 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/04/21 04:57:26 | 00,166,680 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/04/21 04:57:20 | 00,162,584 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/04/13 08:33:10 | 16,132,608 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2007/01/20 03:49:30 | 00,103,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2006/10/06 01:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/01/26 07:14:44 | 01,646,592 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\webshots.scr
PRC - [2005/04/02 17:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2004/12/02 18:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2004/08/04 07:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [1999/12/13 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/01 21:55:44 | 00,535,552 | ---- | M] (OldTimer Tools) -- d:\Documents and Settings\admin nahera\My Documents\Downloads\OTL (1).exe
MOD - [2009/07/12 01:12:06 | 00,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/11 19:41:02 | 00,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2009/03/06 04:33:26 | 00,961,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2009/02/12 15:19:38 | 00,178,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2009/02/12 15:19:32 | 02,217,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2008/10/25 11:44:34 | 00,022,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
MOD - [2007/06/24 15:40:33 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2007/06/24 15:38:48 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2006/05/04 14:53:54 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004/08/04 05:31:44 | 00,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (NMIndexingService)
SRV - [2009/11/25 07:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 07:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 07:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 07:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/16 02:45:56 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/03/26 13:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/26 12:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/02/29 03:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/02/29 03:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2007/08/24 08:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/10/27 05:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/06 01:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/04/02 17:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [1999/12/13 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\S-1-5-21-1214440339-1292428093-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\S-1-5-21-1214440339-1292428093-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\S-1-5-21-1214440339-1292428093-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy7.up.edu.ph:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {e0c7b854-d5ce-4db6-9804-be1438603d89}:2.0.4.1
FF - prefs.js..network.proxy.http: "proxy7.up.edu.ph"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/02/17 00:00:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\Mozilla\Extensions
[2009/08/31 19:47:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\Mozilla\Firefox\Profiles\3yo8wqhu.default\extensions
[2009/05/21 10:59:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\Mozilla\Firefox\Profiles\3yo8wqhu.default\extensions\{e0c7b854-d5ce-4db6-9804-be1438603d89}

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [EnableDCOM] File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003..\Run: [Google Update] C:\Documents and Settings\admin nahera\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003..\Run: [PCKitchenRegistryCleaner] C:\Program Files\PC-Kitchen\RegistryCleaner\RegistryCleaner.exe File not found
O4 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-19..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] File not found
O4 - HKLM..\RunServices: [Light Drv ] C:\DOCUME~1\ADMINN~1\LOCALS~1\Temp\hklhost.exe File not found
O4 - Startup: C:\Documents and Settings\admin nahera\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128
O7 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 1
O7 - HKU\S-1-5-21-1214440339-1292428093-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 1 = c:\windows\system32\winx86.dll.js File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/31 21:31:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/01/25 11:43:44 | 00,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/01 02:05:46 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/01 02:05:44 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/01 02:05:44 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/28 14:10:14 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/28 13:53:37 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\admin nahera\Recent
[2009/11/28 13:46:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/11/28 13:46:12 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/11/28 13:27:10 | 00,000,000 | ---D | C] -- C:\Program Files\MS-Errors
[2009/11/28 13:19:22 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/11/28 13:18:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/11/28 13:18:14 | 00,000,000 | ---D | C] -- C:\Program Files\PC-Kitchen
[2009/11/28 00:22:44 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/11/28 00:22:44 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/11/28 00:22:43 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/11/28 00:22:41 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/11/28 00:22:41 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/11/28 00:22:41 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/11/28 00:22:41 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/11/28 00:22:41 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/11/28 00:22:21 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/11/27 07:14:02 | 00,126,976 | ---- | C] ( ) -- C:\Documents and Settings\admin nahera\Interop.SHDocVw.dll
[2009/11/20 10:44:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/11/20 08:24:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin nahera\Desktop\Bry
[2009/02/23 11:14:36 | 00,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2009/02/23 11:14:36 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[2004/11/25 03:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

========== Files - Modified Within 14 Days ==========

[2009/12/01 21:54:46 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/01 21:54:46 | 00,392,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/01 21:54:46 | 00,058,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/01 21:53:58 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\admin nahera\Desktop\Microsoft Office Word 2007.lnk
[2009/12/01 21:53:07 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\admin nahera\񀿉
[2009/12/01 21:50:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/01 21:50:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/01 21:49:39 | 09,175,040 | ---- | M] () -- C:\Documents and Settings\admin nahera\NTUSER.DAT
[2009/12/01 21:49:39 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\admin nahera\ntuser.ini
[2009/12/01 21:43:00 | 00,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1292428093-725345543-1003UA.job
[2009/12/01 21:43:00 | 00,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1292428093-725345543-1003Core.job
[2009/12/01 20:54:54 | 04,811,652 | -H-- | M] () -- C:\Documents and Settings\admin nahera\Local Settings\Application Data\IconCache.db
[2009/12/01 19:31:19 | 00,761,856 | ---- | M] () -- d:\Documents and Settings\admin nahera\My Documents\SURGERY FINAL.doc
[2009/12/01 19:31:05 | 00,684,544 | ---- | M] () -- d:\Documents and Settings\admin nahera\My Documents\PREVENTIVE final.doc
[2009/12/01 19:30:39 | 00,114,688 | ---- | M] () -- d:\Documents and Settings\admin nahera\My Documents\PHYSIOLOGY - FINAL.doc
[2009/12/01 19:30:12 | 00,317,952 | ---- | M] () -- d:\Documents and Settings\admin nahera\My Documents\Pharma Final.doc
[2009/12/01 19:29:53 | 00,284,160 | ---- | M] () -- d:\Documents and Settings\admin nahera\My Documents\PEDIA FINAL.doc
[2009/12/01 19:29:37 | 00,851,456 | ---- | M] () -- d:\Documents and Settings\admin nahera\My Documents\PATHOLOGY final.doc
[2009/12/01 19:29:06 | 00,118,126 | ---- | M] () -- d:\Documents and Settings\admin nahera\My Documents\ANATOMY final.docx
[2009/12/01 19:28:38 | 00,356,864 | ---- | M] () -- d:\Documents and Settings\admin nahera\My Documents\OB -GYNE FINAL.doc
[2009/12/01 19:28:05 | 00,371,712 | ---- | M] () -- d:\Documents and Settings\admin nahera\My Documents\Micro - Para FINAL.doc
[2009/12/01 19:27:03 | 00,081,674 | ---- | M] () -- d:\Documents and Settings\admin nahera\My Documents\MEDICINE FINAL.docx
[2009/12/01 09:38:44 | 02,137,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/01 02:05:49 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/30 23:38:35 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/11/29 17:50:40 | 00,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2009/11/29 14:25:32 | 00,000,041 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/11/28 14:10:15 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\admin nahera\Desktop\HijackThis.lnk
[2009/11/28 13:51:20 | 00,355,604 | ---- | M] () -- d:\Documents and Settings\admin nahera\My Documents\cc_20091128_135058.reg
[2009/11/28 13:46:13 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\admin nahera\Desktop\CCleaner.lnk
[2009/11/28 13:31:34 | 00,000,746 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ErrorFixer.lnk
[2009/11/28 13:28:56 | 00,000,324 | ---- | M] () -- C:\WINDOWS\tasks\ErrorFixer.job
[2009/11/28 13:23:01 | 00,000,374 | ---- | M] () -- C:\WINDOWS\tasks\RegistryCleaner.job
[2009/11/28 09:47:30 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/28 01:23:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/28 00:22:44 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/11/28 00:22:41 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/11/25 07:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/11/25 07:51:09 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/11/25 07:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/11/25 07:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/11/25 07:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/11/25 07:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/11/25 07:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/11/25 07:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/11/25 07:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/11/20 10:29:50 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\admin nahera\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/20 06:53:16 | 00,069,232 | ---- | M] () -- C:\Documents and Settings\admin nahera\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

========== Files Created - No Company Name ==========

[2009/12/01 19:31:17 | 00,761,856 | ---- | C] () -- d:\Documents and Settings\admin nahera\My Documents\SURGERY FINAL.doc
[2009/12/01 19:31:03 | 00,684,544 | ---- | C] () -- d:\Documents and Settings\admin nahera\My Documents\PREVENTIVE final.doc
[2009/12/01 19:30:39 | 00,114,688 | ---- | C] () -- d:\Documents and Settings\admin nahera\My Documents\PHYSIOLOGY - FINAL.doc
[2009/12/01 19:30:11 | 00,317,952 | ---- | C] () -- d:\Documents and Settings\admin nahera\My Documents\Pharma Final.doc
[2009/12/01 19:29:52 | 00,284,160 | ---- | C] () -- d:\Documents and Settings\admin nahera\My Documents\PEDIA FINAL.doc
[2009/12/01 19:29:35 | 00,851,456 | ---- | C] () -- d:\Documents and Settings\admin nahera\My Documents\PATHOLOGY final.doc
[2009/12/01 19:29:05 | 00,118,126 | ---- | C] () -- d:\Documents and Settings\admin nahera\My Documents\ANATOMY final.docx
[2009/12/01 19:28:37 | 00,356,864 | ---- | C] () -- d:\Documents and Settings\admin nahera\My Documents\OB -GYNE FINAL.doc
[2009/12/01 19:28:04 | 00,371,712 | ---- | C] () -- d:\Documents and Settings\admin nahera\My Documents\Micro - Para FINAL.doc
[2009/12/01 19:27:02 | 00,081,674 | ---- | C] () -- d:\Documents and Settings\admin nahera\My Documents\MEDICINE FINAL.docx
[2009/12/01 02:05:49 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/28 14:10:15 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\admin nahera\Desktop\HijackThis.lnk
[2009/11/28 13:51:03 | 00,355,604 | ---- | C] () -- d:\Documents and Settings\admin nahera\My Documents\cc_20091128_135058.reg
[2009/11/28 13:46:13 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\admin nahera\Desktop\CCleaner.lnk
[2009/11/28 13:28:56 | 00,000,324 | ---- | C] () -- C:\WINDOWS\tasks\ErrorFixer.job
[2009/11/28 13:27:10 | 00,000,746 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ErrorFixer.lnk
[2009/11/28 13:23:01 | 00,000,374 | ---- | C] () -- C:\WINDOWS\tasks\RegistryCleaner.job
[2009/11/28 00:22:44 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/11/27 07:14:02 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\admin nahera\WindowsApplication2.pdb
[2009/11/27 07:14:02 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\admin nahera\WindowsApplication2.exe
[2009/10/04 10:23:17 | 00,791,742 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/04 10:23:17 | 00,683,520 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/10/04 10:23:17 | 00,238,080 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/10/04 10:23:17 | 00,145,609 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/10/04 10:23:16 | 00,485,888 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/10/04 10:23:16 | 00,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/10/04 10:23:16 | 00,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/10/04 10:23:16 | 00,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/10/04 10:23:16 | 00,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/10/04 10:23:16 | 00,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/10/04 10:23:16 | 00,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/09/06 12:28:18 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/04/11 23:00:42 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/03/17 03:50:48 | 00,000,104 | ---- | C] () -- C:\Program Files\My Network Places.lnk
[2009/02/23 11:16:12 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/02/06 02:20:02 | 00,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/01/26 13:50:41 | 00,000,170 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/25 06:33:56 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/01/25 06:31:57 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/10/31 10:22:44 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\admin nahera\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/16 09:52:01 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/08/04 02:19:51 | 00,002,448 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/06/02 19:39:37 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/31 22:26:43 | 00,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2008/05/31 22:26:37 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2008/05/31 22:21:30 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/31 22:20:36 | 00,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/05/31 21:58:20 | 00,910,464 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/05/31 21:58:20 | 00,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007/12/24 19:47:52 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/12/24 19:40:26 | 00,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/12/23 04:02:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/12/23 03:27:22 | 04,372,922 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/12/03 22:34:32 | 00,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/12/01 19:43:30 | 00,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/11/29 18:52:36 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/01/25 02:08:29 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/01/16 13:37:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSPublisher_Quark Converter.INI
[2005/08/13 05:57:09 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/28 02:38:00 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/28 02:37:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/10/04 01:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003/01/08 06:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/02/02 18:29:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\Any Video Converter
[2009/11/29 17:50:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\BitTorrent
[2009/04/27 09:40:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\FrimaStudio
[2006/01/13 06:03:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\Image Zone Express
[2009/11/15 02:51:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\MysteryStudio
[2009/04/11 23:35:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\NCH Swift Sound
[2009/03/09 13:38:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\Opera
[2009/01/25 06:43:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\Samsung
[2009/05/02 22:08:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\Thinstall
[2008/05/31 21:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\TMP
[2009/09/09 07:00:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\uTorrent
[2008/05/31 22:22:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin nahera\Application Data\Webshots
[2009/08/31 09:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4p-r9-67-55-p3-26
[2009/09/06 12:59:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\94-9o-46-2p-3p-r9
[2008/05/31 21:41:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broadcom
[2008/08/31 14:08:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/03/02 13:03:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/04/11 23:33:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/10/11 08:30:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/11/28 00:27:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/04 19:46:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/07 02:09:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/28 13:28:56 | 00,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\ErrorFixer.job
[2009/11/28 13:23:01 | 00,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryCleaner.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D303E10
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EDA76B4
< End of report >






I also clicked Scan All users in that scan but there is no "Extras" log this time.






Finally, this is the ESET Online Scanner log.





ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.20583 (vista_ldr.070420-1500)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=87816c47f8adbd4993e98a1cf594bfa3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-01 03:03:18
# local_time=2009-12-01 11:03:18 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775125 100 98 2199 195962510 0 0
# compatibility_mode=1024 16777215 100 0 24209663 24209663 0 0
# compatibility_mode=8192 67108863 100 0 627 627 0 0
# scanned=64924
# found=3
# cleaned=3
# scan_time=2045
C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#7 Buckeye_Sam

Posted 01 December 2009 - 05:58 PM

Looks much better. How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 janinaji


Posted 01 December 2009 - 07:28 PM

Yeah, I didn't notice the last time, but the popup isn't there anymore. Thank you, Sam!! Thank you so much!!! :(

#9 Buckeye_Sam


Posted 02 December 2009 - 08:52 AM

Excellent! :(

It's time to clean up.
  • Make sure you have an Internet Connection.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTL from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Reenable system restore with instructions from tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:( :)

#10 janinaji


Posted 16 December 2009 - 12:17 PM

Hi. Sorry for the late reply.

I already did step # 1 before. I also have avast antivirus installed and it updates automatically when the laptop is on and connected to the Internet. The Windows firewall is also on, although I'm not sure if it's functioning well. My Windows update is already set to automatic so I think there's no problem. I just don't know if it also includes security updates. About the Spybot and SpywareBlaster, the sites provide only the trial version. Does that mean that I really have no choice but to spend money for that?


Thank you so much. You've been helping a lot.

#11 Buckeye_Sam


Posted 16 December 2009 - 06:16 PM

No, both Spybot and Spywareblaster are free. I just visited both sites and see the free version available for both.

#12 Buckeye_Sam


Posted 26 December 2009 - 08:17 PM

Now that your problem appears to be resolved, this topic will be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this topic in your request.



