
online banking requesting confidential info


This topic is locked
11 replies to this topic

#1 lazarodato

  • Members
  • 11 posts

Posted 01 March 2010 - 02:13 AM

Hello,
I followed last week the instructions to get rid of the Antivirus Soft virus. It seemed to work excellently when I completed the process on Thursday night, but on Saturday when attempting to access online banking my account asked me for information such as card number, security number, social security, expiration date, PIN number, etc.

That is just not possible, so I want to know if I am still infected or if it is just a bunch of errors in the computer.

Thanks.


Here is the DDS.
The GMER program continued to freeze after a while and I had to restart the computer 4 times, so I don't know if the ark.txt is correct. Let me know if you need me to run it again.




DDS (Ver_09-12-01.01) - NTFSx86
Run by LAZARO B. SARDIN at 16:56:32.31 on Sat 02/27/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.133 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\LAZARO B. SARDIN\Desktop\BLEEPS\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: XA▄ - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - No File
BHO: {8B9ED985-4EDD-47F9-8E89-19A8610C27BC} - No File
BHO: {C3FAAA13-618C-6978-D85D-48E672820DB0} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
EB: {1BAC9A2A-4755-43c3-A430-D3512C5B8A4E} - No File
EB: {1ED6A320-8AF3-4f06-868A-9BA95585712E} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [srmclean] c:\cpqs\scom\srmclean.exe
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver2\LVCOMS.EXE
mRun: [LogitechGalleryRepair] c:\program files\logitech\imagestudio\ISStart.exe
mRun: [LogitechImageStudioTray] c:\program files\logitech\imagestudio\LogiTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRunOnce: [RunNarrator] Narrator.exe
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxp://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - hxxp://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38090.6869791667
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lazaro~2.sar\applic~1\mozilla\firefox\profiles\jdvvl8c2.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - blank
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\lazaro b. sardin\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\lazaro b. sardin\application data\mozilla\firefox\profiles\jdvvl8c2.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000005.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2004-5-10 19478]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-22 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-30 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-22 360584]
R1 bpfinder;BACKPACK Finder;c:\windows\system32\drivers\bpfinder.sys [2004-6-19 62023]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2004-5-10 634798]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2004-5-10 430670]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-28 285392]
R3 bpflt;BACKPACK Filter;c:\windows\system32\drivers\bpflt.sys [2004-6-19 4538]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [2004-5-10 64093]
S2 yjiupokwosb3j;Print Spooler Service;c:\windows\system32\hrjgqt.exe /service --> c:\windows\system32\hrjgqt.exe [?]
S3 bppccard;BACKPACK PC Card;c:\windows\system32\drivers\bppccard.sys [2004-6-19 5493]
S3 bppnpdrv;BACKPACK Driver;c:\windows\system32\drivers\bppnpdrv.sys [2004-6-19 19414]
S3 bpusbdrv;BACKPACK USB 1 Cable;c:\windows\system32\drivers\bpusbdrv.sys [2004-6-19 128248]
S3 bpusbflt;BACKPACK USB Filter;c:\windows\system32\drivers\bpusbflt.sys [2004-6-19 8333]

=============== Created Last 30 ================


==================== Find3M ====================

2010-01-08 00:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2007-12-09 19:50:55 10 ----a-w- c:\program files\.autoreg
2001-07-27 00:58:46 47 ----a-w- c:\program files\ACMonitor_X73.ini
2001-07-05 20:46:44 8116 ----a-w- c:\program files\OSLO3071b2.USB
2001-05-08 23:36:42 114688 ----a-w- c:\program files\lxarscan.dll
2001-04-23 22:22:14 1437 ----a-w- c:\program files\gtx73.ini

============= FINISH: 16:57:56.14 ===============



#2 syler

  • Malware Response Team
  • 8,150 posts
  • Location: Warrington, UK

Posted 06 March 2010 - 05:33 PM

Hello and Welcome to BleepingComputer.

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    proquota.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks



#3 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,771 posts
  • Location: At home

Posted 06 March 2010 - 05:36 PM

Crosspost.

Edited by myrti, 06 March 2010 - 05:42 PM.
syler is too quick for me :p

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#4 lazarodato (Topic Starter)

  • Members
  • 11 posts

Posted 09 March 2010 - 02:10 AM

Thanks in advance for the help.

Here is the OTL.txt:


OTL logfile created on: 3/8/2010 9:37:51 PM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\LAZARO B. SARDIN\Desktop\BLEEPS
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 129.00 Mb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.78 Gb Total Space | 18.19 Gb Free Space | 25.00% Space Free | Partition Type: NTFS
Drive D: | 3.90 Gb Total Space | 1.98 Gb Free Space | 50.86% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MITZU
Current User Name: LAZARO B. SARDIN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/08 21:35:36 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\BLEEPS\OTL.exe
PRC - [2010/01/01 23:25:15 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/13 09:31:32 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/13 09:31:31 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/28 15:53:08 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/28 15:53:05 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/28 15:52:47 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/09/09 16:16:10 | 000,090,112 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\QCDriver2\LVComS.exe


========== Modules (SafeList) ==========

MOD - [2010/03/08 21:35:36 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\BLEEPS\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (yjiupokwosb3j)
SRV - File not found [Disabled | Stopped] -- -- (AOL ACS)
SRV - [2009/11/28 15:52:47 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/11/28 15:54:06 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/28 15:53:57 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/28 15:53:57 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/06/18 07:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2004/08/03 21:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/07/01 16:23:12 | 000,634,798 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sonypvf2.sys -- (sonypvf2)
DRV - [2003/07/01 16:12:32 | 000,430,670 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sonypvt2.sys -- (sonypvt2)
DRV - [2003/06/24 09:29:36 | 000,064,093 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sonypvd2.sys -- (sonypvd2)
DRV - [2003/06/18 03:21:08 | 000,019,478 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sonypvl2.sys -- (sonypvl2)
DRV - [2003/01/10 13:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/30 03:20:36 | 000,019,414 | R--- | M] (Micro Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bppnpdrv.sys -- (bppnpdrv)
DRV - [2002/10/30 03:20:08 | 000,128,248 | R--- | M] (Micro Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bpusbdrv.sys -- (bpusbdrv)
DRV - [2002/10/30 03:13:36 | 000,008,333 | R--- | M] (Micro Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bpusbflt.sys -- (bpusbflt)
DRV - [2002/10/30 03:13:26 | 000,004,538 | R--- | M] (Micro Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bpflt.sys -- (bpflt)
DRV - [2002/10/30 03:13:14 | 000,062,023 | R--- | M] (Micro Solutions, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bpfinder.sys -- (bpfinder)
DRV - [2002/10/30 03:12:48 | 000,005,493 | R--- | M] (Micro Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bppccard.sys -- (bppccard)
DRV - [2002/06/10 13:20:50 | 000,039,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)
DRV - [2001/08/17 04:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 04:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:blank
IE - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "blank"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000005
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/13 09:34:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/16 17:59:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/04 23:57:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/04 23:57:31 | 000,000,000 | ---D | M]

[2008/09/08 13:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LAZARO B. SARDIN\Application Data\Mozilla\Extensions
[2010/03/03 02:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LAZARO B. SARDIN\Application Data\Mozilla\Firefox\Profiles\jdvvl8c2.default\extensions
[2009/07/01 18:22:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\LAZARO B. SARDIN\Application Data\Mozilla\Firefox\Profiles\jdvvl8c2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/04 19:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LAZARO B. SARDIN\Application Data\Mozilla\Firefox\Profiles\jdvvl8c2.default\extensions\moveplayer@movenetworks.com
[2010/03/08 17:14:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/09 11:50:52 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\ffwt.dll

O1 HOSTS File: ([2007/12/28 02:02:56 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - No CLSID value found.
O2 - BHO: (no name) - {8B9ED985-4EDD-47F9-8E89-19A8610C27BC} - No CLSID value found.
O2 - BHO: (no name) - {C3FAAA13-618C-6978-D85D-48E672820DB0} - No CLSID value found.
O2 - BHO: (no name) - XA▄ - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe (Lexmark)
O4 - HKLM..\Run: [srmclean] C:\CPQS\scom\srmclean.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-638971174-2501954535-3646181656-1007..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\YOLANDA B. SARDIN\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O15 - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} http://pictures06.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8090.6869791667 (Reg Error: Key error.)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 76.85.229.110 76.85.229.111
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 () - C:\Program Files\Online Services\disohdob.html
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\LAZARO B. SARDIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\LAZARO B. SARDIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/02 15:16:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{82647888-3d92-11dd-a11f-0002a5ca33f3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{82647888-3d92-11dd-a11f-0002a5ca33f3}\Shell\Explore\command - "" = G:\system.exe -- File not found
O33 - MountPoints2\{82647888-3d92-11dd-a11f-0002a5ca33f3}\Shell\Open\command - "" = G:\system.exe -- File not found
O33 - MountPoints2\{853c2f72-8878-11dd-a18d-0002a5ca33f3}\Shell - "" = AutoRun
O33 - MountPoints2\{853c2f72-8878-11dd-a18d-0002a5ca33f3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{853c2f72-8878-11dd-a18d-0002a5ca33f3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{853c2f73-8878-11dd-a18d-0002a5ca33f3}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\{853c2f73-8878-11dd-a18d-0002a5ca33f3}\Shell\open\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\{f128e726-5bd1-11db-9e3a-0002a5ca33f3}\Shell - "" = AutoRun
O33 - MountPoints2\{f128e726-5bd1-11db-9e3a-0002a5ca33f3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f128e726-5bd1-11db-9e3a-0002a5ca33f3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (stera) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/04/02 15:15:26 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "WmcCdsLs"
MsConfig - Services: "WmcCds"
MsConfig - Services: "LexBceS"
MsConfig - Services: "AOL TopSpeedMonitor"
MsConfig - Services: "AOL ACS"
MsConfig - Services: "mnmsrvc"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe - (Logitech)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: AIM - hkey= - key= - C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
MsConfig - StartUpReg: AOL Fast Start - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: AOLDialer - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: HostManager - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: MessengerPlus3 - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Weather - hkey= - key= - C:\Program Files\AWS\WeatherBug\Weather.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56016913389584384)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/04 23:31:21 | 008,327,264 | ---- | C] (Mozilla) -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Firefox Setup 3.6.exe
[2010/02/27 05:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\BLEEPS
[2010/02/27 03:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LAZARO B. SARDIN\Application Data\AVG9
[2010/02/27 02:21:06 | 005,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\mbam-setup.exe
[2010/02/27 01:02:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LAZARO B. SARDIN\IECompatCache
[2010/02/25 03:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\UPWARD BOUND PHOTOS
[2010/02/25 02:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LAZARO B. SARDIN\Local Settings\Application Data\wtoivj
[2010/02/19 21:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\FOTOS
[2010/02/18 15:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LAZARO B. SARDIN\My Documents\IRS TAXES 2009
[2009/11/28 15:47:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/28 15:47:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/07/24 08:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/12/30 01:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/10/29 07:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2007/10/15 12:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Talkback
[2007/10/15 12:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2007/10/15 12:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2005/01/14 21:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ApplicationHistory
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/08 21:23:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/08 21:23:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/08 21:22:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/08 21:22:56 | 536,334,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/08 19:56:56 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\NTUSER.DAT
[2010/03/08 19:54:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\ntuser.ini
[2010/03/08 19:00:00 | 000,000,302 | -H-- | M] () -- C:\WINDOWS\tasks\AECC795C918FE948.job
[2010/03/08 19:00:00 | 000,000,300 | -H-- | M] () -- C:\WINDOWS\tasks\A8857F8D918AF08D.job
[2010/03/08 19:00:00 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\tasks\A88ED193918947D3.job
[2010/03/08 16:57:22 | 056,909,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/07 03:55:26 | 003,773,282 | -H-- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Local Settings\Application Data\IconCache.db
[2010/03/04 23:57:39 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/04 23:33:55 | 008,327,264 | ---- | M] (Mozilla) -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Firefox Setup 3.6.exe
[2010/02/27 16:51:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\defogger_reenable
[2010/02/27 02:21:25 | 005,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\mbam-setup.exe
[2010/02/27 00:27:02 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/25 22:53:44 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\My Documents\rkill.com
[2010/02/25 03:34:13 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\My Documents\para Lazarito de coralito.doc
[2010/02/25 03:09:54 | 000,078,858 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\l_492081e541af4fa99bdb00e2975c1cce.jpg
[2010/02/25 03:07:54 | 000,026,802 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\coral 23.jpg
[2010/02/25 03:01:24 | 000,056,216 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Coral graduation.jpg
[2010/02/25 03:00:35 | 000,057,957 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Kitzia me and gibran.jpg
[2010/02/25 02:57:14 | 000,037,900 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\karla and I.jpg
[2010/02/24 01:45:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/23 23:10:07 | 000,028,576 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\lcs_exp_chart.pdf
[2010/02/23 23:08:41 | 000,027,773 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\lpcc_info.pdf
[2010/02/23 01:10:41 | 000,062,464 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\EBSW Search Activities Log.doc
[2010/02/22 21:40:14 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/02/22 17:35:08 | 000,601,600 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\product.doc
[2010/02/21 22:14:44 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\OMAR 1.xls
[2010/02/21 22:06:32 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\OMAR2.xls
[2010/02/20 01:23:17 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Group Process Feedback Form.doc
[2010/02/10 22:03:07 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Resources and Information for SW 632.doc
[2010/02/09 00:40:06 | 002,668,296 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\My Documents\article 8.pdf
[2010/02/08 23:21:30 | 000,175,709 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\My Documents\article 3.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2100/02/23 14:35:34 | 000,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat
[2100/02/08 15:53:34 | 000,001,437 | ---- | C] () -- C:\Program Files\gtx73.ini
[2010/02/27 16:51:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\defogger_reenable
[2010/02/26 08:54:24 | 536,334,336 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/25 22:53:43 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\My Documents\rkill.com
[2010/02/25 03:34:13 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\My Documents\para Lazarito de coralito.doc
[2010/02/25 03:09:54 | 000,078,858 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\l_492081e541af4fa99bdb00e2975c1cce.jpg
[2010/02/25 03:07:49 | 000,026,802 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\coral 23.jpg
[2010/02/25 03:01:23 | 000,056,216 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Coral graduation.jpg
[2010/02/25 03:00:35 | 000,057,957 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Kitzia me and gibran.jpg
[2010/02/25 02:57:10 | 000,037,900 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\karla and I.jpg
[2010/02/23 23:10:07 | 000,028,576 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\lcs_exp_chart.pdf
[2010/02/23 23:08:41 | 000,027,773 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\lpcc_info.pdf
[2010/02/23 01:10:40 | 000,062,464 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\EBSW Search Activities Log.doc
[2010/02/22 21:40:14 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/02/22 21:40:14 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/02/22 17:34:57 | 000,601,600 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\product.doc
[2010/02/21 22:06:32 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\OMAR2.xls
[2010/02/21 22:05:59 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\OMAR 1.xls
[2010/02/20 01:23:17 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Group Process Feedback Form.doc
[2010/02/10 20:07:11 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Resources and Information for SW 632.doc
[2010/02/09 00:39:49 | 002,668,296 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\My Documents\article 8.pdf
[2010/02/08 23:21:30 | 000,175,709 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\My Documents\article 3.pdf
[2010/01/16 11:10:19 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/10/13 23:48:56 | 000,000,010 | ---- | C] () -- C:\Program Files\.autoreg
[2007/07/03 19:32:23 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/09/04 17:58:39 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/09/04 12:26:58 | 000,000,178 | ---- | C] () -- C:\WINDOWS\System32\CM_SUPPORT.INI
[2006/08/28 19:05:48 | 000,008,740 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/07/13 18:07:53 | 000,000,087 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/05/25 21:39:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/04/27 20:22:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/27 20:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/27 20:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/01/26 18:00:55 | 000,000,126 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2005/01/14 21:59:47 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2004/12/17 18:46:40 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Local Settings\Application Data\fusioncache.dat
[2004/09/24 15:08:59 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/09/24 13:13:27 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/08/24 07:51:22 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2004/08/24 07:50:07 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2004/08/24 07:49:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll
[2004/06/19 12:31:28 | 000,002,923 | R--- | C] () -- C:\WINDOWS\System32\bpinst.dll
[2004/05/24 20:40:45 | 000,000,588 | ---- | C] () -- C:\WINDOWS\ColorFax.ini
[2004/05/10 15:08:06 | 000,079,360 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/08 20:48:05 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2004/04/08 20:48:05 | 000,050,531 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2004/04/08 20:36:51 | 000,000,078 | ---- | C] () -- C:\WINDOWS\psuite.ini
[2004/04/08 20:11:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/02 15:32:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/02 15:30:23 | 000,181,760 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2004/04/02 15:28:59 | 000,000,758 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/22 11:00:28 | 000,012,635 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2003/07/14 11:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/03/27 14:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/10/11 23:42:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXARICO.DLL
[2001/10/11 23:42:49 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2001/08/25 11:43:28 | 000,000,190 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/25 11:43:03 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2001/08/25 11:43:03 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2001/08/25 11:43:03 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2001/08/25 11:43:03 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2001/08/25 11:43:03 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2001/07/20 10:48:06 | 000,008,116 | ---- | C] () -- C:\Program Files\OSLO3071b2.USB
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/12/05 14:56:34 | 000,114,688 | ---- | C] () -- C:\Program Files\lxarscan.dll
[2000/01/11 12:50:48 | 000,000,047 | ---- | C] () -- C:\Program Files\ACMonitor_X73.ini
[1995/09/15 16:31:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[15 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/10/11 12:14:11 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/07/03 22:42:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/10/11 12:14:11 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/07/03 22:42:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 05:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/10/11 12:14:11 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/07/03 22:42:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/10/11 12:14:11 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/07/03 22:42:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/03 23:56:55 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 16:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 16:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

========== Files - Unicode (All) ==========
[2007/12/28 00:02:53 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Аdobe
[2007/12/28 00:02:53 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Аdobe
[2007/12/28 00:02:52 | 000,000,000 | ---D | M](C:\Program Files\?ssembly) -- C:\Program Files\аssembly
[2007/12/28 00:02:52 | 000,000,000 | ---D | M](C:\Program Files\?ssembly) -- C:\Program Files\аssembly
[2007/12/26 02:58:53 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??curity) -- C:\WINDOWS\System32\ѕеcurity
[2007/12/26 02:58:53 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??curity) -- C:\WINDOWS\System32\ѕеcurity
[2007/11/30 15:29:06 | 000,000,000 | ---D | M](C:\Program Files\Common Files\W?nSxS) -- C:\Program Files\Common Files\WіnSxS
[2007/11/30 15:29:06 | 000,000,000 | ---D | M](C:\Program Files\Common Files\W?nSxS) -- C:\Program Files\Common Files\WіnSxS
[2007/10/18 17:48:33 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?stem) -- C:\Program Files\Common Files\sуstem
[2007/10/18 17:48:33 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?stem) -- C:\Program Files\Common Files\sуstem
(C:\Program Files\Common Files\W?nSxS) -- C:\Program Files\Common Files\WіnSxS
(C:\Program Files\Common Files\s?stem) -- C:\Program Files\Common Files\sуstem
(C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Аdobe
(C:\Program Files\?ssembly) -- C:\Program Files\аssembly
< End of report >
and here is the Extras.txt:


OTL Extras logfile created on: 3/8/2010 9:37:51 PM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\LAZARO B. SARDIN\Desktop\BLEEPS
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 129.00 Mb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.78 Gb Total Space | 18.19 Gb Free Space | 25.00% Space Free | Partition Type: NTFS
Drive D: | 3.90 Gb Total Space | 1.98 Gb Free Space | 50.86% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MITZU
Current User Name: LAZARO B. SARDIN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-638971174-2501954535-3646181656-1007\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"80:TCP" = 80:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"80:TCP" = 80:TCP:*:Enabled:@xpsp2res.dll,-22004
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE" = C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE:*:Enabled:Yahoo! Messenger -- File not found
"C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe" = C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component -- File not found
"C:\WINDOWS\system32\spool\drivers\w32x86\3\CMpdpsrv.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\CMpdpsrv.exe:*:Disabled:PDP RPC Server -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- File not found
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- File not found
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" = C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Disabled:P2P Networking -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader -- File not found
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Disabled:TVAnts -- File not found
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AAA1D8-D4CF-48BD-9C66-78B41D80DF06}" = Compaq Wallpaper
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 17
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D2D00D8-56EE-4115-B1F8-EC9904C330DA}" = Real Estate Broker Exam Prep
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AA65940-854E-11D3-911A-00C0DF4185F9}" = Impact ColorFax Lite
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6F845B05-8B76-4302-A808-7FB21E2BC5E6}" = Sony DVD Handycam USB Driver
"{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901C0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002 Runtime
"{901C0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{984F10FD-11FD-4BED-8163-92DB81E6A825}" = Logitech IM Video Companion
"{A07BAED2-DA9A-436A-83F1-80BA23FA9E4B}" = 1400_Help
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ac76ba86-7ad7-1033-7b44-a81300000003}" = Adobe Reader 8.1.3
"{B22CFC7C-86DD-4D4E-8898-328DDB8B6400}" = Salesperson Exam Prep
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C6F9D820-33F5-4DC9-B5F8-576031CE7095}" = BTA California LCSW Vignette
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DE66E6E1-BFBC-4586-A03C-686598F4CA3C}" = 1400Trb
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FD350FC2-A972-427D-800B-A2D200ACFF41}" = ImageMixer for Sony
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"adobe shockwave player" = Adobe Shockwave Player
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"Audacity_is1" = Audacity 1.2.4
"AVG9Uninstall" = AVG Free 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire 5.1.2
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MGI_PHOTOSUITE_V806" = MGI PhotoSuite 8.1 (Remove Only)
"Micro Solutions" = Backpack Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MsgPlus! Plugin" = Messenger Plus! 3 & Sponsor
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Pandemonium" = Pandemonium for Windows
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-638971174-2501954535-3646181656-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Router" = Router

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2010 9:25:08 PM | Computer Name = MITZU | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.5512, faulting
module hpzll43a.dll, version 60.53.243.0, fault address 0x000012f3.

Error - 3/5/2010 9:45:38 PM | Computer Name = MITZU | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/7/2010 7:25:01 AM | Computer Name = MITZU | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/7/2010 7:25:36 AM | Computer Name = MITZU | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 3/8/2010 8:47:45 PM | Computer Name = MITZU | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/8/2010 8:59:35 PM | Computer Name = MITZU | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2010 9:00:42 PM | Computer Name = MITZU | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3667, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2010 9:00:42 PM | Computer Name = MITZU | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3667, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2010 9:00:44 PM | Computer Name = MITZU | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3667, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/8/2010 9:00:47 PM | Computer Name = MITZU | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3667, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/5/2010 3:09:55 AM | Computer Name = MITZU | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%2

Error - 3/5/2010 9:44:25 PM | Computer Name = MITZU | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%2

Error - 3/5/2010 10:24:47 PM | Computer Name = MITZU | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%2

Error - 3/5/2010 11:21:17 PM | Computer Name = MITZU | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%2

Error - 3/7/2010 6:39:05 AM | Computer Name = MITZU | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%2

Error - 3/7/2010 6:52:08 AM | Computer Name = MITZU | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%2

Error - 3/8/2010 8:47:05 PM | Computer Name = MITZU | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%2

Error - 3/8/2010 11:32:56 PM | Computer Name = MITZU | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%2

Error - 3/9/2010 1:23:38 AM | Computer Name = MITZU | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%2

Error - 3/9/2010 1:33:02 AM | Computer Name = MITZU | Source = Service Control Manager | ID = 7034
Description = The Business Contact Manager SQL Server Startup Service service terminated
unexpectedly. It has done this 1 time(s).


< End of report >


#5 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 09 March 2010 - 02:09 PM

Hi lazarodato,

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (yjiupokwosb3j)
    SRV - File not found [Disabled | Stopped] -- -- (AOL ACS)
    IE - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O2 - BHO: (no name) - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - No CLSID value found.
    O2 - BHO: (no name) - {8B9ED985-4EDD-47F9-8E89-19A8610C27BC} - No CLSID value found.
    O2 - BHO: (no name) - {C3FAAA13-618C-6978-D85D-48E672820DB0} - No CLSID value found.
    O2 - BHO: (no name) - XA▄ - No CLSID value found.
    O3 - HKU\S-1-5-21-638971174-2501954535-3646181656-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab (Reg Error: Key error.)
    O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} http://pictures06.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab (Reg Error: Key error.)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8090.6869791667 (Reg Error: Key error.)
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O24 - Desktop Components:0 () - C:\Program Files\Online Services\disohdob.html
    O33 - MountPoints2\{82647888-3d92-11dd-a11f-0002a5ca33f3}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{82647888-3d92-11dd-a11f-0002a5ca33f3}\Shell\Explore\command - "" = G:\system.exe -- File not found
    O33 - MountPoints2\{82647888-3d92-11dd-a11f-0002a5ca33f3}\Shell\Open\command - "" = G:\system.exe -- File not found
    O33 - MountPoints2\{853c2f72-8878-11dd-a18d-0002a5ca33f3}\Shell - "" = AutoRun
    O33 - MountPoints2\{853c2f72-8878-11dd-a18d-0002a5ca33f3}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{853c2f72-8878-11dd-a18d-0002a5ca33f3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{853c2f73-8878-11dd-a18d-0002a5ca33f3}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
    O33 - MountPoints2\{853c2f73-8878-11dd-a18d-0002a5ca33f3}\Shell\open\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
    O33 - MountPoints2\{f128e726-5bd1-11db-9e3a-0002a5ca33f3}\Shell - "" = AutoRun
    O33 - MountPoints2\{f128e726-5bd1-11db-9e3a-0002a5ca33f3}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f128e726-5bd1-11db-9e3a-0002a5ca33f3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (stera) - File not found
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk - Reg Error: Value error. - File not found
    MsConfig - StartUpReg: AIM - hkey= - key= - C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
    MsConfig - StartUpReg: AOL Fast Start - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: AOLDialer - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: HostManager - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: MessengerPlus3 - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: msnmsgr - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: TkBellExe - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: Weather - hkey= - key= - C:\Program Files\AWS\WeatherBug\Weather.exe File not found
    [2010/03/08 19:00:00 | 000,000,302 | -H-- | M] () -- C:\WINDOWS\tasks\AECC795C918FE948.job
    [2010/03/08 19:00:00 | 000,000,300 | -H-- | M] () -- C:\WINDOWS\tasks\A8857F8D918AF08D.job
    [2010/03/08 19:00:00 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\tasks\A88ED193918947D3.job
    [2007/12/28 00:02:53 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\?dobe
    [2007/12/28 00:02:53 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\?dobe
    [2007/12/28 00:02:52 | 000,000,000 | ---D | M](C:\Program Files\?ssembly) -- C:\Program Files\?ssembly
    [2007/12/28 00:02:52 | 000,000,000 | ---D | M](C:\Program Files\?ssembly) -- C:\Program Files\?ssembly
    [2007/12/26 02:58:53 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??curity) -- C:\WINDOWS\System32\??curity
    [2007/12/26 02:58:53 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??curity) -- C:\WINDOWS\System32\??curity
    [2007/11/30 15:29:06 | 000,000,000 | ---D | M](C:\Program Files\Common Files\W?nSxS) -- C:\Program Files\Common Files\W?nSxS
    [2007/11/30 15:29:06 | 000,000,000 | ---D | M](C:\Program Files\Common Files\W?nSxS) -- C:\Program Files\Common Files\W?nSxS
    [2007/10/18 17:48:33 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?stem) -- C:\Program Files\Common Files\s?stem
    [2007/10/18 17:48:33 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?stem) -- C:\Program Files\Common Files\s?stem
    (C:\Program Files\Common Files\W?nSxS) -- C:\Program Files\Common Files\W?nSxS
    (C:\Program Files\Common Files\s?stem) -- C:\Program Files\Common Files\s?stem
    (C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\?dobe
    (C:\Program Files\?ssembly) -- C:\Program Files\?ssembly
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "65533:TCP"=-
    "52344:TCP"=-
    "3246:TCP"=-
    "2479:TCP"=-
    "3389:TCP"=-
    "80:TCP"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "65533:TCP"=-
    "52344:TCP"=-
    "3246:TCP"=-
    "2479:TCP"=-
    "3389:TCP"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\AIM\aim.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE"=-
    "C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe"=-
    "C:\Program Files\TVUPlayer\TVUPlayer.exe"=-
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\CMpdpsrv.exe"=-
    "C:\Program Files\AIM\aim.exe"=-
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=-
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=-
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=-
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=-
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=-
    "C:\WINDOWS\system32\P2P Networking\P2P Networking.exe"=-
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"=-
    "C:\Program Files\TVAnts\Tvants.exe"=-
    "C:\Program Files\Ares\Ares.exe"=-
    "C:\Program Files\MSN Messenger\msnmsgr.exe"=-
    "C:\Program Files\MSN Messenger\livecall.exe"=-
    "C:\Program Files\AVG\AVG8\avgupd.exe"=-
    "C:\Program Files\AVG\AVG8\avgnsx.exe"=-
    "C:\Program Files\MSN Messenger\msnmsgr.exe"=-
    "C:\Program Files\MSN Messenger\livecall.exe"=-
    :Commands
    [purity]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run OTL without the bold text, and post the new OTL log.


Then please post back here with the following logs:
  • MBAM log
  • OTL.txt
  • Extra.txt

Thanks



#6 lazarodato

lazarodato
  • Topic Starter


Posted 12 March 2010 - 11:51 PM

Thanks for the steps. Really easy to follow.


Here is the MBAM log:


Malwarebytes' Anti-Malware 1.44
Database version: 3862
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/12/2010 6:42:09 PM
mbam-log-2010-03-12 (18-42-09).txt

Scan type: Quick Scan
Objects scanned: 212181
Time elapsed: 37 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here is the OTL log:

All processes killed
========== OTL ==========
Service yjiupokwosb3j stopped successfully!
Service yjiupokwosb3j deleted successfully!
Service AOL ACS stopped successfully!
Service AOL ACS deleted successfully!
Registry value HKEY_USERS\S-1-5-21-638971174-2501954535-3646181656-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Unable to set value : HKU\S-1-5-21-638971174-2501954535-3646181656-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B9ED985-4EDD-47F9-8E89-19A8610C27BC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B9ED985-4EDD-47F9-8E89-19A8610C27BC}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3FAAA13-618C-6978-D85D-48E672820DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3FAAA13-618C-6978-D85D-48E672820DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\XA▄\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-638971174-2501954535-3646181656-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Starting removal of ActiveX control {01111F00-3E00-11D2-8470-0060089874ED}
C:\WINDOWS\Downloaded Program Files\tgctlins.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{01111F00-3E00-11D2-8470-0060089874ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01111F00-3E00-11D2-8470-0060089874ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{01111F00-3E00-11D2-8470-0060089874ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01111F00-3E00-11D2-8470-0060089874ED}\ not found.
Starting removal of ActiveX control {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8}
C:\WINDOWS\Downloaded Program Files\YGPUPFCtrl.en-US-AIM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8}\ not found.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Starting removal of ActiveX control {B9191F79-5613-4C76-AA2A-398534BB8999}
C:\Program Files\Yahoo!\Common\yab_af.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B9191F79-5613-4C76-AA2A-398534BB8999}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9191F79-5613-4C76-AA2A-398534BB8999}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B9191F79-5613-4C76-AA2A-398534BB8999}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9191F79-5613-4C76-AA2A-398534BB8999}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D18F962A-3722-4B59-B08D-28BB9EB2281E}
C:\Program Files\Yahoo!\Common\yphotos.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D18F962A-3722-4B59-B08D-28BB9EB2281E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D18F962A-3722-4B59-B08D-28BB9EB2281E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D18F962A-3722-4B59-B08D-28BB9EB2281E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D18F962A-3722-4B59-B08D-28BB9EB2281E}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File C:\Program Files\Online Services\disohdob.html not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82647888-3d92-11dd-a11f-0002a5ca33f3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82647888-3d92-11dd-a11f-0002a5ca33f3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82647888-3d92-11dd-a11f-0002a5ca33f3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82647888-3d92-11dd-a11f-0002a5ca33f3}\ not found.
File G:\system.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82647888-3d92-11dd-a11f-0002a5ca33f3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82647888-3d92-11dd-a11f-0002a5ca33f3}\ not found.
File G:\system.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{853c2f72-8878-11dd-a18d-0002a5ca33f3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{853c2f72-8878-11dd-a18d-0002a5ca33f3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{853c2f72-8878-11dd-a18d-0002a5ca33f3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{853c2f72-8878-11dd-a18d-0002a5ca33f3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{853c2f72-8878-11dd-a18d-0002a5ca33f3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{853c2f72-8878-11dd-a18d-0002a5ca33f3}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{853c2f73-8878-11dd-a18d-0002a5ca33f3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{853c2f73-8878-11dd-a18d-0002a5ca33f3}\ not found.
File I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{853c2f73-8878-11dd-a18d-0002a5ca33f3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{853c2f73-8878-11dd-a18d-0002a5ca33f3}\ not found.
File I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f128e726-5bd1-11db-9e3a-0002a5ca33f3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f128e726-5bd1-11db-9e3a-0002a5ca33f3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f128e726-5bd1-11db-9e3a-0002a5ca33f3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f128e726-5bd1-11db-9e3a-0002a5ca33f3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f128e726-5bd1-11db-9e3a-0002a5ca33f3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f128e726-5bd1-11db-9e3a-0002a5ca33f3}\ not found.
File G:\LaunchU3.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:stera deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk\ deleted successfully.
C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AIM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AOL Fast Start\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AOLDialer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\HostManager\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MessengerPlus3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\msnmsgr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\TkBellExe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Weather\ deleted successfully.
C:\WINDOWS\tasks\AECC795C918FE948.job moved successfully.
C:\WINDOWS\tasks\A8857F8D918AF08D.job moved successfully.
File C:\WINDOWS\tasks\A88ED193918947D3.job[2007/12/28 00:02:53 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\?dobe not found.
Folder C:\Program Files\Common Files\?dobe\ not found.
Folder C:\Program Files\?ssembly\ not found.
Folder C:\Program Files\?ssembly\ not found.
Folder C:\WINDOWS\System32\??curity\ not found.
Folder C:\WINDOWS\System32\??curity\ not found.
Folder C:\Program Files\Common Files\W?nSxS\ not found.
Folder C:\Program Files\Common Files\W?nSxS\ not found.
Folder C:\Program Files\Common Files\s?stem\ not found.
Folder C:\Program Files\Common Files\s?stem\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\65533:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\52344:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3246:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2479:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\80:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\65533:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\52344:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3246:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2479:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\"C:\Program Files\AIM\aim.exe"|-[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\TVUPlayer\TVUPlayer.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\spool\drivers\w32x86\3\CMpdpsrv.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\P2P Networking\P2P Networking.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\TVAnts\Tvants.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgnsx.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\ѕеcurity folder moved successfully.
C:\Program Files\Common Files\Аdobe\Аdobe folder moved successfully.
C:\Program Files\Common Files\Аdobe folder moved successfully.
C:\Program Files\Common Files\sуstem folder moved successfully.
C:\Program Files\Common Files\WіnSxS folder moved successfully.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1498365 bytes
->Temporary Internet Files folder emptied: 26163680 bytes
->FireFox cache emptied: 4169640 bytes
->Flash cache emptied: 1005 bytes

User: All Users

User: Default User
->Temp folder emptied: 97261 bytes
->Temporary Internet Files folder emptied: 53409 bytes

User: HelpAssistant
->Temp folder emptied: 276319081 bytes
->Temporary Internet Files folder emptied: 107792602 bytes
->Java cache emptied: 49675514 bytes
->FireFox cache emptied: 39129414 bytes
->Flash cache emptied: 124150 bytes

User: KARLA Y. SARDIN
->Temp folder emptied: 250933308 bytes
->Temporary Internet Files folder emptied: 17194581 bytes
->Java cache emptied: 68169190 bytes
->FireFox cache emptied: 49366031 bytes
->Flash cache emptied: 25676 bytes

User: LAZARO B. SARDIN
->Temp folder emptied: 1266855680 bytes
->Temporary Internet Files folder emptied: 20840007 bytes
->Java cache emptied: 62987890 bytes
->FireFox cache emptied: 55116040 bytes
->Flash cache emptied: 60038 bytes

User: LAZARO L. SARDIN
->Temp folder emptied: 71495953 bytes
->Temporary Internet Files folder emptied: 104267961 bytes
->Java cache emptied: 50847323 bytes
->FireFox cache emptied: 49887661 bytes
->Flash cache emptied: 51709 bytes

User: LAZARO~2~SAR

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 25933514 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 917504 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 97261 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: YOLANDA B. SARDIN
->Temp folder emptied: 875175027 bytes
->Temporary Internet Files folder emptied: 59430212 bytes
->Java cache emptied: 71874684 bytes
->FireFox cache emptied: 68697103 bytes
->Flash cache emptied: 22376 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 24334801 bytes
%systemroot%\System32\dllcache .tmp files removed: 57344 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 967031390 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 11053191 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 5215047 bytes
RecycleBin emptied: 2204118502 bytes

Total Files Cleaned = 6,568.00 mb


OTL by OldTimer - Version 3.1.35.0 log created on 03122010_185947

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\$$$dq3e scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\$67we.$ scheduled to be moved on reboot.

Registry entries deleted on Reboot...


And the Extra.txt:

OTL logfile created on: 3/12/2010 8:35:50 PM - Run 2
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\LAZARO B. SARDIN\Desktop\BLEEPS
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 167.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.78 Gb Total Space | 25.74 Gb Free Space | 35.36% Space Free | Partition Type: NTFS
Drive D: | 3.90 Gb Total Space | 1.98 Gb Free Space | 50.86% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MITZU
Current User Name: LAZARO B. SARDIN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/08 21:35:36 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\BLEEPS\OTL.exe
PRC - [2010/01/15 19:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/01 23:25:15 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/13 09:31:32 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/13 09:31:31 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/28 15:53:08 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/28 15:53:05 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/28 15:52:47 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/09/30 19:43:23 | 000,190,024 | ---- | M] (Patchou) -- C:\Program Files\MessengerPlus! 3\MsgPlus.exe
PRC - [2009/09/20 03:55:46 | 000,222,728 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\real\realplayer\realplay.exe
PRC - [2009/09/20 03:55:36 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/09/09 16:16:10 | 000,090,112 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\QCDriver2\LVComS.exe


========== Modules (SafeList) ==========

MOD - [2010/03/08 21:35:36 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\BLEEPS\OTL.exe
MOD - [2009/09/30 19:43:24 | 000,058,952 | ---- | M] (Patchou) -- C:\Program Files\MessengerPlus! 3\MsgPlusLoader.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/28 15:52:47 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/11/28 15:54:06 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/28 15:53:57 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/28 15:53:57 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/06/18 07:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2004/08/03 21:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/07/01 16:23:12 | 000,634,798 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sonypvf2.sys -- (sonypvf2)
DRV - [2003/07/01 16:12:32 | 000,430,670 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sonypvt2.sys -- (sonypvt2)
DRV - [2003/06/24 09:29:36 | 000,064,093 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sonypvd2.sys -- (sonypvd2)
DRV - [2003/06/18 03:21:08 | 000,019,478 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sonypvl2.sys -- (sonypvl2)
DRV - [2003/01/10 13:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/30 03:20:36 | 000,019,414 | R--- | M] (Micro Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bppnpdrv.sys -- (bppnpdrv)
DRV - [2002/10/30 03:20:08 | 000,128,248 | R--- | M] (Micro Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bpusbdrv.sys -- (bpusbdrv)
DRV - [2002/10/30 03:13:36 | 000,008,333 | R--- | M] (Micro Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bpusbflt.sys -- (bpusbflt)
DRV - [2002/10/30 03:13:26 | 000,004,538 | R--- | M] (Micro Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bpflt.sys -- (bpflt)
DRV - [2002/10/30 03:13:14 | 000,062,023 | R--- | M] (Micro Solutions, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bpfinder.sys -- (bpfinder)
DRV - [2002/10/30 03:12:48 | 000,005,493 | R--- | M] (Micro Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bppccard.sys -- (bppccard)
DRV - [2002/06/10 13:20:50 | 000,039,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)
DRV - [2001/08/17 04:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 04:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/13 09:34:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/16 17:59:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/12 18:59:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/04 23:57:31 | 000,000,000 | ---D | M]

[2008/09/08 13:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LAZARO B. SARDIN\Application Data\Mozilla\Extensions
[2010/03/12 17:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LAZARO B. SARDIN\Application Data\Mozilla\Firefox\Profiles\jdvvl8c2.default\extensions
[2009/07/01 18:22:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\LAZARO B. SARDIN\Application Data\Mozilla\Firefox\Profiles\jdvvl8c2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/04 19:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LAZARO B. SARDIN\Application Data\Mozilla\Firefox\Profiles\jdvvl8c2.default\extensions\moveplayer@movenetworks.com
[2010/03/12 17:48:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/09 11:50:52 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\ffwt.dll

O1 HOSTS File: ([2007/12/28 02:02:56 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe (Lexmark)
O4 - HKLM..\Run: [srmclean] C:\CPQS\scom\srmclean.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 76.85.229.110 76.85.229.111
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\LAZARO B. SARDIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\LAZARO B. SARDIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/02 15:16:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/12 17:57:35 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/12 17:57:36 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/12 18:59:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/12 17:57:35 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/03/10 16:22:02 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/04 23:31:21 | 008,327,264 | ---- | C] (Mozilla) -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Firefox Setup 3.6.exe
[2010/02/27 05:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\BLEEPS
[2010/02/27 03:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LAZARO B. SARDIN\Application Data\AVG9
[2010/02/27 02:21:06 | 005,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\mbam-setup.exe
[2010/02/27 01:02:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LAZARO B. SARDIN\IECompatCache
[2010/02/25 03:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\UPWARD BOUND PHOTOS
[2010/02/25 02:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LAZARO B. SARDIN\Local Settings\Application Data\wtoivj
[2010/02/19 21:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\FOTOS
[2010/02/18 15:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LAZARO B. SARDIN\My Documents\IRS TAXES 2009
[2009/11/28 15:47:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/28 15:47:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/07/24 08:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/12/30 01:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/10/29 07:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2007/10/15 12:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Talkback
[2007/10/15 12:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2007/10/15 12:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2005/01/14 21:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ApplicationHistory

========== Files - Modified Within 30 Days ==========

[2010/03/12 20:10:38 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/12 20:00:00 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\tasks\A88ED193918947D3.job
[2010/03/12 19:15:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/12 19:15:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/12 19:15:45 | 536,334,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/12 19:14:54 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\NTUSER.DAT
[2010/03/12 19:14:37 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\ntuser.ini
[2010/03/12 17:41:24 | 057,034,342 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/11 20:41:26 | 000,000,715 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/08 23:52:12 | 003,773,926 | -H-- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Local Settings\Application Data\IconCache.db
[2010/03/04 23:57:39 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/04 23:33:55 | 008,327,264 | ---- | M] (Mozilla) -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Firefox Setup 3.6.exe
[2010/02/27 16:51:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\defogger_reenable
[2010/02/27 02:21:25 | 005,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\mbam-setup.exe
[2010/02/27 00:27:02 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/25 22:53:44 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\My Documents\rkill.com
[2010/02/25 03:34:13 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\My Documents\para Lazarito de coralito.doc
[2010/02/25 03:09:54 | 000,078,858 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\l_492081e541af4fa99bdb00e2975c1cce.jpg
[2010/02/25 03:07:54 | 000,026,802 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\coral 23.jpg
[2010/02/25 03:01:24 | 000,056,216 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Coral graduation.jpg
[2010/02/25 03:00:35 | 000,057,957 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Kitzia me and gibran.jpg
[2010/02/25 02:57:14 | 000,037,900 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\karla and I.jpg
[2010/02/24 01:46:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/23 23:10:07 | 000,028,576 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\lcs_exp_chart.pdf
[2010/02/23 23:08:41 | 000,027,773 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\lpcc_info.pdf
[2010/02/23 01:10:41 | 000,062,464 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\EBSW Search Activities Log.doc
[2010/02/22 21:40:14 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/02/22 17:35:08 | 000,601,600 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\product.doc
[2010/02/21 22:14:44 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\OMAR 1.xls
[2010/02/21 22:06:32 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\OMAR2.xls
[2010/02/20 01:23:17 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Group Process Feedback Form.doc
[2010/02/10 22:03:07 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Resources and Information for SW 632.doc

========== Files Created - No Company Name ==========

[2100/02/23 14:35:34 | 000,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat
[2100/02/08 15:53:34 | 000,001,437 | ---- | C] () -- C:\Program Files\gtx73.ini
[2010/02/27 16:51:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\defogger_reenable
[2010/02/26 08:54:24 | 536,334,336 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/25 22:53:43 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\My Documents\rkill.com
[2010/02/25 03:34:13 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\My Documents\para Lazarito de coralito.doc
[2010/02/25 03:09:54 | 000,078,858 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\l_492081e541af4fa99bdb00e2975c1cce.jpg
[2010/02/25 03:07:49 | 000,026,802 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\coral 23.jpg
[2010/02/25 03:01:23 | 000,056,216 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Coral graduation.jpg
[2010/02/25 03:00:35 | 000,057,957 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Kitzia me and gibran.jpg
[2010/02/25 02:57:10 | 000,037,900 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\karla and I.jpg
[2010/02/23 23:10:07 | 000,028,576 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\lcs_exp_chart.pdf
[2010/02/23 23:08:41 | 000,027,773 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\lpcc_info.pdf
[2010/02/23 01:10:40 | 000,062,464 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\EBSW Search Activities Log.doc
[2010/02/22 21:40:14 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/02/22 21:40:14 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/02/22 17:34:57 | 000,601,600 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\product.doc
[2010/02/21 22:06:32 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\OMAR2.xls
[2010/02/21 22:05:59 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\OMAR 1.xls
[2010/02/20 01:23:17 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Desktop\Group Process Feedback Form.doc
[2010/01/16 11:10:19 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/10/13 23:48:56 | 000,000,010 | ---- | C] () -- C:\Program Files\.autoreg
[2007/07/03 19:32:23 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/09/04 17:58:39 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/09/04 12:26:58 | 000,000,178 | ---- | C] () -- C:\WINDOWS\System32\CM_SUPPORT.INI
[2006/08/28 19:05:48 | 000,008,740 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/07/13 18:07:53 | 000,000,087 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/05/25 21:39:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/04/27 20:22:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/27 20:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/27 20:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/01/26 18:00:55 | 000,000,126 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2005/01/14 21:59:47 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2004/12/17 18:46:40 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Local Settings\Application Data\fusioncache.dat
[2004/09/24 15:08:59 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/09/24 13:13:27 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/08/24 07:51:22 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2004/08/24 07:50:07 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2004/08/24 07:49:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll
[2004/06/19 12:31:28 | 000,002,923 | R--- | C] () -- C:\WINDOWS\System32\bpinst.dll
[2004/05/24 20:40:45 | 000,000,588 | ---- | C] () -- C:\WINDOWS\ColorFax.ini
[2004/05/10 15:08:06 | 000,079,360 | ---- | C] () -- C:\Documents and Settings\LAZARO B. SARDIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/08 20:48:05 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2004/04/08 20:48:05 | 000,050,531 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2004/04/08 20:36:51 | 000,000,078 | ---- | C] () -- C:\WINDOWS\psuite.ini
[2004/04/08 20:11:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/02 15:32:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/02 15:30:23 | 000,181,760 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2004/04/02 15:28:59 | 000,000,758 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/22 11:00:28 | 000,012,635 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2003/07/14 11:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/03/27 14:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/10/11 23:42:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXARICO.DLL
[2001/10/11 23:42:49 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2001/08/25 11:43:28 | 000,000,190 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/20 10:48:06 | 000,008,116 | ---- | C] () -- C:\Program Files\OSLO3071b2.USB
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/12/05 14:56:34 | 000,114,688 | ---- | C] () -- C:\Program Files\lxarscan.dll
[2000/01/11 12:50:48 | 000,000,047 | ---- | C] () -- C:\Program Files\ACMonitor_X73.ini
[1995/09/15 16:31:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

========== Files - Unicode (All) ==========
[2007/12/28 00:02:52 | 000,000,000 | ---D | M](C:\Program Files\?ssembly) -- C:\Program Files\аssembly
< End of report >


#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 13 March 2010 - 04:25 PM

This isn't looking good. I can see signs of a nasty rootkit there; let's try and confirm this.

Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe
  • Copy and paste the contents of mbr.log on your next reply.


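Triage heuristics over the kind of OTL log lines quoted above, as an added example that is not part of this thread or of OTL itself: the sample text is a small subset copied from the log posted earlier, the rule names and the LOG_DATE value are my own assumptions, and a hit means "ask about this in the reply", not "confirmed malicious".

```python
"""Triage heuristics for OTL-style scan log lines.

Added example: not the forum's analysis and not part of OTL. A hit means
"worth a question in the reply", not "confirmed malicious".
"""
import re
from datetime import date
from typing import List, Tuple

# Day OTL ran, taken from the newest timestamps in the posted log (assumption).
LOG_DATE = date(2010, 3, 12)

# Constructed sample: lines copied from the log posted above. The last line is
# appended separately so the Cyrillic 'a' (U+0430) in the folder name survives.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O32 - AutoRun File - [2004/04/02 15:16:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/12 17:57:35 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
[2100/02/23 14:35:34 | 000,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat
""" + "[2007/12/28 00:02:52 | 000,000,000 | ---D | M](C:\\Program Files\\?ssembly) -- C:\\Program Files\\\u0430ssembly\n"

# OTL stamp: [YYYY/MM/DD hh:mm:ss | size | attrs | C-or-M]; attrs use R H S D or '-'.
STAMP = re.compile(r"\[(\d{4})/(\d{2})/(\d{2}) \d{2}:\d{2}:\d{2} \| [\d,]+ \| ([RHSD-]{4}) \| [CM]\]")
PROXY = re.compile(r'"ProxyServer" = (.+)$')
ROOT_AUTORUN = re.compile(r" - ([A-Za-z]:\\autorun\.inf) -- ", re.IGNORECASE)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (rule, line) pairs for lines that deserve a follow-up question."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        stamp = STAMP.search(line)

        # 1. Browser proxy pointing back at the host itself: a local intermediary
        #    can rewrite pages, which is consistent with the altered banking
        #    form in the first post. ProxyEnable=0 elsewhere in the log only
        #    means it is switched off right now; the setting still persists.
        m = PROXY.search(line)
        if m and re.search(r"127\.0\.0\.1|localhost", m.group(1)):
            findings.append(("loopback-proxy", line))

        # 2. Hidden+system autorun.inf in a drive root. Caveat: some cleanup
        #    tools deliberately create a protected autorun.inf *folder* (the
        #    'D' attribute) to block autorun worms, so check the creation date.
        m = ROOT_AUTORUN.search(line)
        if m and stamp and {"H", "S"} <= set(stamp.group(4)):
            findings.append(("hidden-root-autorun", line))

        # 3. Timestamps after the day the log was taken (the 2100 entries).
        if stamp:
            try:
                when = date(int(stamp.group(1)), int(stamp.group(2)), int(stamp.group(3)))
            except ValueError:
                when = None
            if when and when > LOG_DATE:
                findings.append(("future-timestamp", line))

        # 4. Non-ASCII characters in a path: OTL shows the folder as '?ssembly'
        #    because the first letter is a Cyrillic look-alike of 'a'.
        for segment in line.split(" -- "):
            if DRIVE_PATH.match(segment) and any(ord(c) > 127 for c in segment):
                findings.append(("non-ascii-path", line))
                break
    return findings


if __name__ == "__main__":
    for rule, hit in triage(SAMPLE_LOG):
        print(f"{rule:20} {hit}")
```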

#8 lazarodato

lazarodato
  • Topic Starter

  • Members
  • 11 posts

Posted 14 March 2010 - 12:50 AM

Here is the mbr log. Is it supposed to be so small? Well, this is what got created on my desktop.



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82F69900]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x82f69900
NDIS: Intel® PRO/100 VM Network Connection -> SendCompleteHandler -> 0x82bde330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x099617D0
malicious code @ sector 0x099617D3 !
PE file found in sector at 0x099617E9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.


#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 14 March 2010 - 12:24 PM

Yep, that's how the log is meant to be, but unfortunately it's not good.

Unfortunately your logs show you have a rootkit infection, so you should be aware of the following information.

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


  • Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
  • Close out all other open programs and windows.
  • Double click the file to run it and follow any prompts.
  • If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
  • Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.
helpasst -mbrt
  • Make sure you leave a space between helpasst and -mbrt !
  • When it completes, a log will open. Please post the contents of that log.



#10 lazarodato

lazarodato
  • Topic Starter

  • Members
  • 11 posts

Posted 18 March 2010 - 01:13 AM

Wow, it is a tough decision, but I think the best way to do this is to re-format the computer.
However, if I back up my files from that computer, can the virus be transferred on those files? How can I be sure that after I reformat the computer the virus won't be on the old files?
Also, can you provide me with a step-by-step guide on how to do it? Do you recommend any services to do it?

Let me know what your ideas are. What if I clean it first and then reformat? That sounds like a lot of work and a waste of time, and it won't even guarantee being 100% clean.


I expect to get some feedback from you. Thanks for the time spent so far assisting me.




#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 18 March 2010 - 01:22 PM

Hi,

You should be fine to back up your stuff now and format; as long as you know what you are backing up, there is no risk of copying over the malware.

You can see the following guide for step by step instructions on reinstalling windows.

http://www.buildeasypc.com/sw/windows_xp.htm

Regards
Syler



#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 22 March 2010 - 09:17 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
