
rootkit?


19 replies to this topic

#1 ferndinho

ferndinho

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:04 AM

Posted 09 May 2010 - 12:01 AM

Dell Inspiron E1505
Win XP
SP 3

Hello -

Based on what I have read from other posts it seems I may have a rootkit virus. Let me see what has happened so far....

On startup I am getting a ton of error messages, i.e. (qttask.exe, setup.exe, asrkn_pfu.exe, mnvb7yd1j.exe, heixxgptssd.exe, syntpenh.exe). The computer is running super slow and seems to be doing many things in the background. I tried doing a system restore but that didn't work and the computer wouldn't boot. I had to create a recovery disc (I think that's what they are called) and finally got it back up and running but still something is wrong. I ran my AVG and one of the things it identified is a trojan called cryptic.LK. And I think somewhere else either in the malwarebytes or AVG scans I saw Rootkit.agent listed.

Can someone offer any help? I seem to think the next step would be to run combofix but I would like some guidance to be sure.

Thanks!!

Matt

Edited by ferndinho, 09 May 2010 - 12:09 AM.




#2 ferndinho

ferndinho
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:04 AM

Posted 10 May 2010 - 12:56 PM

Ideas on next steps anyone??

#3 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:04 PM

Posted 10 May 2010 - 02:27 PM

Hi ferndinho

Let's take a look and see what shows on your system.
  • Download OTL to your desktop.
    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Now copy the lines below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Thanks

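Once the OTL output comes back, most of the work is reading it. As an added example (not part of this thread and not OTL's own code), the Python below runs a first triage pass over the kinds of lines that appear in the log posted later in the thread: a Winlogon Shell value other than explorer.exe, O33 MountPoints2 autorun commands tied to removable media, drivers reported with an empty publisher string, recently changed files under system32 with no publisher, and At-numbered scheduled jobs. The sample lines are copied from the log in this thread; the regular expressions, rule names and severities are this example's own assumptions about OTL's line format, not OTL documentation.

```python
"""Triage pass over OTL scan output: pick out the lines a malware-response
helper reads first. Added example for this thread; not part of OTL, and
the rules below are this example's own heuristics (assumptions)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Sample lines copied from the OTL log posted in this thread (a short
# selection, not the whole log).
SAMPLE_LOG = r"""
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\WINDOWS\system32\NETSVCS.EXE) - C:\WINDOWS\System32\NETSVCS.EXE File not found
O33 - MountPoints2\{0d1f907b-2f94-11de-98d0-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d1f907e-2f94-11de-98d0-0015c5a6217c}\Shell\AutoRun\command - "" = fuwuqi.exe
O33 - MountPoints2\{d2eed0e6-997c-11dd-984e-0015c5a6217c}\Shell\OpEn\CoMmAnD - "" = ReCyCleR\sEtuP.exe
O33 - MountPoints2\{0d503c0e-29e0-11de-98c5-0015c5a6217c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
[2010/05/10 17:22:18 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\rcpjho.sys
[2010/05/10 16:39:56 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2010/05/08 16:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/05/08 15:00:02 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/05/03 09:40:10 | 000,057,344 | ---- | M] () -- C:\WINDOWS\System32\pragmabbr.dll
"""


@dataclass
class Finding:
    rule: str
    severity: str
    detail: str
    line: str


# Line shapes OTL uses in the sections this example looks at (assumed from
# the posted log, not from OTL documentation).
WINLOGON_SHELL = re.compile(
    r"^O20 - HKLM Winlogon: Shell - \((?P<value>[^)]*)\) - (?P<rest>.*)$")
MOUNTPOINT_CMD = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[^}]+)\}\\Shell\\(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.*)$',
    re.IGNORECASE)
DRIVER_ENTRY = re.compile(
    r"^DRV - \((?P<svc>[^)]*)\).*? -- (?P<path>.*) \((?P<publisher>[^)]*)\)$")
FILE_ENTRY = re.compile(
    r"^\[(?P<stamp>[^|]+?) \| (?P<size>[^|]+) \| (?P<attrs>[^|]+) \| (?P<kind>[CM])\] "
    r"\((?P<publisher>[^)]*)\) -- (?P<path>.*)$")
AT_JOB = re.compile(r"\\tasks\\at\d+\.job$", re.IGNORECASE)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None if nothing stands out."""
    line = line.rstrip()
    m = WINLOGON_SHELL.match(line)
    if m:
        # The Shell value should normally be explorer.exe; anything else
        # runs in place of (or alongside) the desktop shell at logon.
        if m.group("value").lower() != "explorer.exe":
            return Finding("winlogon-shell", "high",
                           "Winlogon Shell points somewhere other than explorer.exe", line)
        return None
    m = MOUNTPOINT_CMD.match(line)
    if m:
        # MountPoints2 command verbs record what ran when a removable drive
        # was inserted or opened; "File not found" means the media is gone.
        cmd = m.group("cmd")
        state = "target missing" if "File not found" in cmd else "target recorded"
        return Finding("mountpoint-autorun", "medium",
                       f"removable-media {m.group('verb')} command ({state}): {cmd}", line)
    m = DRIVER_ENTRY.match(line)
    if m:
        # OTL prints "()" when the driver carries no company/publisher string.
        if not m.group("publisher").strip():
            return Finding("driver-no-publisher", "medium",
                           f"driver without a publisher string: {m.group('path')}", line)
        return None
    m = FILE_ENTRY.match(line)
    if m:
        path = m.group("path")
        low = path.lower()
        if AT_JOB.search(low):
            return Finding("at-job", "low", f"At-style scheduled task: {path}", line)
        if ("\\windows\\system32\\" in low and low.endswith((".sys", ".dll"))
                and not m.group("publisher").strip()):
            return Finding("system-file-no-publisher", "high",
                           f"recently changed system file with no publisher: {path}", line)
    return None


def triage(text: str) -> list:
    """Run triage_line over every line of an OTL log and keep the hits."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


def summarize(findings: list) -> Counter:
    """Count findings per rule, for a quick overview before reading details."""
    return Counter(f.rule for f in findings)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.severity:>6}] {f.rule:<24} {f.detail}")
    print(dict(summarize(hits)))
```

These are review cues, not verdicts: an empty publisher string is common on legitimate third-party drivers, and a MountPoints2 entry only records what a drive's autorun.inf asked for when it was plugged in. What the pass does give a helper is the short list of entries to check against the /md5 and /lockedfiles results before deciding on a fix script.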


#4 ferndinho

ferndinho
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:04 AM

Posted 10 May 2010 - 08:01 PM

Starbuck,

Thanks for your willingness to help.

I ran the OTL (btw it took about 30 or 40 minutes to finish the scan). While it was scanning an error message appeared. "generic host process for Win32 Services has encountered a problem and needs to close." During the scan I stepped away from my computer for a bit and when I came back the computer was frozen (except I could still move the mouse). When I tried different keys and clicking my mouse a huge beep started and wouldn't stop. I had to shut off the computer from the power button. Here are the two logs...

OTL logfile created on: 5/10/2010 5:15:44 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.23 Gb Total Space | 0.87 Gb Free Space | 1.69% Space Free | Partition Type: NTFS
Drive D: | 17.21 Gb Total Space | 17.14 Gb Free Space | 99.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP-MATTHEW
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Matt\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- File not found
SRV - (ZuneWlanCfgSvc) -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (ZuneBusEnum) -- C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (zumbus) -- C:\WINDOWS\system32\drivers\zumbus.sys (Microsoft Corporation)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) QuickCam for Notebooks Deluxe(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (Jukebox) -- C:\WINDOWS\system32\drivers\ctpdusb2.sys (Creative Technology Ltd.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={sea...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/broadband/espn360/index
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {8be51513-0433-45c1-9203-7b45019df871}:1.0.3
FF - prefs.js..extensions.enabledItems: es-es@dictionaries.addons.mozilla.org:1.2.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.19.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07074039
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6


[2008/06/29 11:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mozilla\Extensions
[2009/10/01 20:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vdk1hrho.default\extensions
[2008/06/13 06:22:52 | 000,000,000 | ---D | M] (CSSViewer) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vdk1hrho.default\extensions\{8be51513-0433-45c1-9203-7b45019df871}
[2008/05/30 04:51:42 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vdk1hrho.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/01/31 05:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vdk1hrho.default\extensions\es-es@dictionaries.addons.mozilla.org
[2008/01/10 18:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vdk1hrho.default\extensions\firebug@software.joehewitt.com

O1 HOSTS File: ([2009/06/13 11:53:49 | 000,304,444 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10496 more lines...
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: hx-1 = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su/...15105/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\WINDOWS\system32\NETSVCS.EXE) - C:\WINDOWS\System32\NETSVCS.EXE File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0d1f907b-2f94-11de-98d0-0015c5a6217c}\Shell - "" = AutoRun
O33 - MountPoints2\{0d1f907b-2f94-11de-98d0-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d1f907b-2f94-11de-98d0-0015c5a6217c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0d1f907c-2f94-11de-98d0-0015c5a6217c}\Shell - "" = AutoRun
O33 - MountPoints2\{0d1f907c-2f94-11de-98d0-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d1f907e-2f94-11de-98d0-0015c5a6217c}\Shell\AutoRun\command - "" = fuwuqi.exe
O33 - MountPoints2\{0d1f907e-2f94-11de-98d0-0015c5a6217c}\Shell\Explore\Command - "" = fuwuqi.exe
O33 - MountPoints2\{0d1f907e-2f94-11de-98d0-0015c5a6217c}\Shell\Open\Command - "" = fuwuqi.exe
O33 - MountPoints2\{0d503c0e-29e0-11de-98c5-0015c5a6217c}\Shell - "" = AutoRun
O33 - MountPoints2\{0d503c0e-29e0-11de-98c5-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d503c0e-29e0-11de-98c5-0015c5a6217c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{18b55481-a760-11dd-985e-0015c5a6217c}\Shell\AutoRun\command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{18b55481-a760-11dd-985e-0015c5a6217c}\Shell\Explore\Command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{18b55481-a760-11dd-985e-0015c5a6217c}\Shell\Open\Command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{24445071-c9a0-11db-9783-0015c5a6217c}\Shell\Auto\command - "" = infrom.exe
O33 - MountPoints2\{24445071-c9a0-11db-9783-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{3de8d97b-ecd4-11dd-9887-0015c5a6217c}\Shell\AutoRun\command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{3de8d97b-ecd4-11dd-9887-0015c5a6217c}\Shell\Explore\Command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{3de8d97b-ecd4-11dd-9887-0015c5a6217c}\Shell\Open\Command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{60469af5-96f6-11dd-984a-0015c5a6217c}\Shell - "" = AutoRun
O33 - MountPoints2\{60469af5-96f6-11dd-984a-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{60469af5-96f6-11dd-984a-0015c5a6217c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{60469af6-96f6-11dd-984a-0015c5a6217c}\Shell\AutoRun\command - "" = w2ngo.com
O33 - MountPoints2\{60469af6-96f6-11dd-984a-0015c5a6217c}\Shell\explore\Command - "" = w2ngo.com
O33 - MountPoints2\{60469af6-96f6-11dd-984a-0015c5a6217c}\Shell\open\Command - "" = w2ngo.com
O33 - MountPoints2\{739a898b-1191-11de-98a6-0015c5a6217c}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{7d34cde4-b4cb-11dd-9868-0015c5a6217c}\Shell\AutoRun\command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{7d34cde4-b4cb-11dd-9868-0015c5a6217c}\Shell\Explore\Command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{7d34cde4-b4cb-11dd-9868-0015c5a6217c}\Shell\Open\Command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{93f4f6bf-6b94-11dd-9833-001302c523e1}\Shell\AutoRun\command - "" = H:\WDSetup.exe -- File not found
O33 - MountPoints2\{93f4f6c1-6b94-11dd-9833-001302c523e1}\Shell - "" = AutoRun
O33 - MountPoints2\{93f4f6c1-6b94-11dd-9833-001302c523e1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a9673650-48ac-11db-9714-0015c5a6217c}\Shell\Auto\command - "" = F:\infrom.exe -- File not found
O33 - MountPoints2\{a9673650-48ac-11db-9714-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b46b24d5-3f7c-11dc-97b5-0015c5a6217c}\Shell - "" = AutoRun
O33 - MountPoints2\{b46b24d5-3f7c-11dc-97b5-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b46b24d5-3f7c-11dc-97b5-0015c5a6217c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bd010bf3-39b3-11dd-9829-001302c523e1}\Shell - "" = AutoRun
O33 - MountPoints2\{bd010bf3-39b3-11dd-9829-001302c523e1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bd010bf3-39b3-11dd-9829-001302c523e1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d2eed0e6-997c-11dd-984e-0015c5a6217c}\Shell\AutoRun\command - "" = ReCyCleR\sEtUp.exe
O33 - MountPoints2\{d2eed0e6-997c-11dd-984e-0015c5a6217c}\Shell\OpEn\CoMmAnD - "" = ReCyCleR\sEtuP.exe
O33 - MountPoints2\{dfe36e1b-f3fc-11db-9798-0015c5a6217c}\Shell - "" = AutoRun
O33 - MountPoints2\{dfe36e1b-f3fc-11db-9798-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dfe36e1b-f3fc-11db-9798-0015c5a6217c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e70a4af6-720d-11dc-97c4-0015c5a6217c}\Shell - "" = AutoRun
O33 - MountPoints2\{e70a4af6-720d-11dc-97c4-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e70a4af6-720d-11dc-97c4-0015c5a6217c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fe316b85-f92e-11dd-988d-001302c523e1}\Shell\AutoRun\command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{fe316b85-f92e-11dd-988d-001302c523e1}\Shell\Explore\Command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{fe316b85-f92e-11dd-988d-001302c523e1}\Shell\Open\Command - "" = G:\fuwuqi.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 02:22:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "AresChatServer"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE - File not found
MsConfig - StartUpReg: AVG8_TRAY - hkey= - key= - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe File not found
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig - StartUpReg: nod32kui - hkey= - key= - C:\Program Files\Eset\nod32kui.exe File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Zune Launcher - hkey= - key= - C:\Program Files\Zune\ZuneLauncher.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (87270853531664384)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/10 17:12:31 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2010/05/06 09:28:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/06 09:28:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/06 09:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/06 09:24:20 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matt\Desktop\mbam-setup-1.46.exe
[2010/05/06 09:16:34 | 005,240,192 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matt\Desktop\mbam-rules.exe
[2010/05/03 10:55:29 | 000,000,000 | -H-D | C] -- C:\Settings
[2010/05/03 10:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/03 09:49:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/03 08:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Local Settings\Application Data\qdcundrcs
[2010/04/10 22:55:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Matt\Desktop\*.tmp files -> C:\Documents and Settings\Matt\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/10 17:22:18 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\rcpjho.sys
[2010/05/10 17:16:00 | 011,272,192 | -H-- | M] () -- C:\Documents and Settings\Matt\NTUSER.DAT
[2010/05/10 17:13:12 | 059,799,897 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/10 17:13:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/10 17:11:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/10 17:11:22 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/10 17:10:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/10 17:10:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/10 17:10:39 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/10 16:39:56 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2010/05/08 21:36:05 | 003,684,390 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\ComboFix.exe
[2010/05/08 21:24:14 | 003,687,472 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Combofix.exe.XML
[2010/05/08 16:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/05/08 16:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/05/08 15:53:18 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Matt\ntuser.ini
[2010/05/08 15:52:45 | 000,471,510 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\cc_20100508_155229.reg
[2010/05/08 15:39:23 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-152213506-2294905537-3966022560-1005UA.job
[2010/05/08 15:00:02 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/05/08 15:00:02 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/05/06 12:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/05/06 12:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/05/06 11:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/05/06 11:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/05/06 10:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/05/06 10:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/05/06 09:19:50 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matt\Desktop\mbam-setup-1.46.exe
[2010/05/06 09:19:20 | 000,059,664 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\mbam-clean.exe
[2010/05/06 09:13:22 | 005,240,192 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matt\Desktop\mbam-rules.exe
[2010/05/06 09:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/05/06 09:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/05/06 08:46:22 | 000,366,592 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\rkill.com.XML
[2010/05/03 13:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/05/03 13:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/05/03 10:55:29 | 000,000,711 | ---- | M] () -- C:\Settings.ini
[2010/05/03 09:40:10 | 000,057,344 | ---- | M] () -- C:\WINDOWS\System32\pragmabbr.dll
[2010/05/03 09:40:09 | 000,057,344 | ---- | M] () -- C:\WINDOWS\System32\pragmaserf.dll
[2010/05/03 09:40:07 | 000,000,147 | ---- | M] () -- C:\WINDOWS\System32\PRAGMAsrcr.dat
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/05/03 08:50:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/05/02 22:38:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-152213506-2294905537-3966022560-1005Core.job
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 21:04:16 | 000,146,432 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/27 21:02:03 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/13 20:47:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/10 22:44:27 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\mcs.rma
[2010/04/10 22:44:27 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\C96256
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Matt\Desktop\*.tmp files -> C:\Documents and Settings\Matt\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/08 21:36:05 | 003,684,390 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\ComboFix.exe
[2010/05/08 21:29:34 | 003,687,472 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Combofix.exe.XML
[2010/05/08 15:52:33 | 000,471,510 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\cc_20100508_155229.reg
[2010/05/06 09:24:16 | 000,059,664 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\mbam-clean.exe
[2010/05/06 08:50:00 | 000,263,168 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\rkill.com
[2010/05/06 08:49:48 | 000,366,592 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\rkill.com.XML
[2010/05/03 10:55:29 | 000,000,711 | ---- | C] () -- C:\Settings.ini
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/05/03 08:50:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pragmabbr.dll
[2010/05/03 08:50:03 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pragmaserf.dll
[2010/05/03 08:50:00 | 000,000,147 | ---- | C] () -- C:\WINDOWS\System32\PRAGMAsrcr.dat
[2010/05/03 08:49:52 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\rcpjho.sys
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/06/05 11:25:23 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\hpsfs.dll
[2009/02/15 15:05:06 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/01/03 13:51:13 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/12/13 07:22:20 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/18 18:18:50 | 000,000,145 | ---- | C] () -- C:\WINDOWS\pipo.INI
[2008/04/09 16:00:30 | 000,053,478 | ---- | C] () -- C:\WINDOWS\mvtcpui.ini
[2008/02/19 20:46:56 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/04 15:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/02/03 14:47:11 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/01/01 13:18:51 | 000,000,074 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2007/12/11 20:36:29 | 000,000,150 | ---- | C] () -- C:\WINDOWS\MetroTimer.ini
[2007/06/16 05:11:56 | 000,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2007/03/04 19:16:06 | 000,000,583 | RH-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/09/20 19:48:17 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/15 18:47:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/27 16:34:45 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/27 16:34:45 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\90C765EBAA.sys
[2006/08/27 16:32:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/29 12:33:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/29 12:20:54 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
[2006/07/29 12:18:49 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/07/29 12:14:39 | 000,000,185 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/29 11:41:56 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2005/08/16 02:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 12:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 12:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/06 11:42:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 16:04:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 16:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 16:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

========== LOP Check ==========

[2007/07/11 15:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2006/08/28 06:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2009/06/19 17:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2008/06/29 14:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/06/21 14:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/07/11 16:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Azureus
[2009/05/24 11:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Dropbox
[2009/02/17 06:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Elluminate
[2008/11/07 07:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\FileZilla
[2008/03/31 09:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Flickr
[2009/12/14 19:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\JustVoip
[2006/08/27 18:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Leadertech
[2006/08/28 06:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Otto
[2009/10/20 17:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\OverDrive
[2010/03/26 22:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\uTorrent
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/05/06 09:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/05/06 10:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/05/06 11:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/05/06 12:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/05/03 13:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/05/08 15:00:02 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/05/08 16:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/05/03 08:50:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/05/06 09:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/05/06 10:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/05/06 11:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/05/06 12:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/05/03 13:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/05/08 15:00:02 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/05/08 16:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/05/03 08:50:39 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/05/03 08:50:07 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/11 06:04:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/11 06:04:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/11 06:04:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/11 06:04:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/05/10 17:44:28 | 000,823,808 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\rcpjho.sys
< End of report >



and the Extras one....

OTL Extras logfile created on: 5/10/2010 5:15:44 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.23 Gb Total Space | 0.87 Gb Free Space | 1.69% Space Free | Partition Type: NTFS
Drive D: | 17.21 Gb Total Space | 17.14 Gb Free Space | 99.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP-MATTHEW
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"" =
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"7693:TCP" = 7693:TCP:*:Enabled:Services
"7694:TCP" = 7694:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"" =
"9100:TCP" = 9100:TCP:*:Enabled:Printer
"427:UDP" = 427:UDP:*:Enabled:SLP
"161:TCP" = 161:TCP:*:Enabled:SNMP
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"7694:TCP" = 7694:TCP:*:Enabled:Services
"7693:TCP" = 7693:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\utorrent.exe" = C:\Program Files\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" = C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe:*:Enabled:JustVoip -- (JustVoip)
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- ()
"C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe" = C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\HP\HP LaserJet P2030 Series\HPMSetup.exe" = C:\Program Files\HP\HP LaserJet P2030 Series\HPMSetup.exe:*:Enabled:Network Installer Wizard -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BB42024-D62A-33F5-B883-52069E2C9668}" = Google Talk Plugin
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C1388BE-AD32-47BC-B51F-A37F1245203C}" = RICOH Media Driver
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00B2-041D-0000-0000000FF1CE}" = Microsoft-tillägget Spara som PDF eller XPS för Microsoft Office 2007-program
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A66B369B-2927-8B02-ADF7-5BC0FE941033}" = Nero 7 Demo
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F3D7915D-6B42-49FA-9FC8-5020479A6A57}" = Nero Reloaded PlugIn Pack 2.0.4 by GEAR
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"3635FC5A3FE7DACCEF2123BDBDA808BA811B977B" = Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
"452416B030C25BAA383F3DA368FECD5D48FAE727" = Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AVG8Uninstall" = AVG Free 8.5
"AVIcodec" = AVIcodec (remove only)
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.00
"F631A62FA5E06534A0FE3637D75AAA5B1D3E4FB7" = Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
"FileZilla Client" = FileZilla Client 3.0.7
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"JustVoip_is1" = JustVoip
"legacyqcam_10.51" = Logitech Legacy USB Camera Driver Package
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Magic ISO Maker v5.5 (build 0261)" = Magic ISO Maker v5.5 (build 0261)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel® PROSet/Wireless Software
"Rhapsody" = Rhapsody
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Edited by ferndinho, 10 May 2010 - 08:03 PM.


#5 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:04 PM

Posted 11 May 2010 - 06:02 PM

Hi ferndinho

Before I continue:

The report is showing that you have a malicious backdoor trojan on your system. It is known that these trojans can communicate with remote computers, download and run code, send emails and redirect browser requests. Unfortunately we cannot be sure about what they have done.

If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojans have been identified there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

For more information read ....Here
If you choose to format and reinstall read...... Here

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy again.

It's up to you.



#6 ferndinho

ferndinho
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:04 AM

Posted 12 May 2010 - 10:57 AM

Hi Starbuck,

Let's try to clean it up as best as possible for now. I have access to a second computer that I can use to do more sensitive info on for the time being. Also, I have been looking at getting a new one even before the virus hit. So let me know what next steps to take to try and clean it up.

Thanks!


#7 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:04 PM

Posted 12 May 2010 - 03:09 PM

Hi ferndinho

QUOTE
Let's try to clean it up as best as possible for now.
Ok, no problem.

Step 1
Double click on OTL.exe to run it.
Copy the lines in the codebox below. (make sure that :Otl is on the first line )
CODE
:Otl
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: hx-1 = 1
O20 - HKLM Winlogon: Shell - (C:\WINDOWS\system32\NETSVCS.EXE) - C:\WINDOWS\System32\NETSVCS.EXE File not found
O33 - MountPoints2\{0d1f907b-2f94-11de-98d0-0015c5a6217c}\Shell - "" = AutoRun
O33 - MountPoints2\{0d1f907b-2f94-11de-98d0-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d1f907b-2f94-11de-98d0-0015c5a6217c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0d1f907c-2f94-11de-98d0-0015c5a6217c}\Shell - "" = AutoRun
O33 - MountPoints2\{0d1f907c-2f94-11de-98d0-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d1f907e-2f94-11de-98d0-0015c5a6217c}\Shell\AutoRun\command - "" = fuwuqi.exe
O33 - MountPoints2\{0d1f907e-2f94-11de-98d0-0015c5a6217c}\Shell\Explore\Command - "" = fuwuqi.exe
O33 - MountPoints2\{0d1f907e-2f94-11de-98d0-0015c5a6217c}\Shell\Open\Command - "" = fuwuqi.exe
O33 - MountPoints2\{0d503c0e-29e0-11de-98c5-0015c5a6217c}\Shell - "" = AutoRun
O33 - MountPoints2\{0d503c0e-29e0-11de-98c5-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d503c0e-29e0-11de-98c5-0015c5a6217c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{18b55481-a760-11dd-985e-0015c5a6217c}\Shell\AutoRun\command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{18b55481-a760-11dd-985e-0015c5a6217c}\Shell\Explore\Command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{18b55481-a760-11dd-985e-0015c5a6217c}\Shell\Open\Command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{24445071-c9a0-11db-9783-0015c5a6217c}\Shell\Auto\command - "" = infrom.exe
O33 - MountPoints2\{24445071-c9a0-11db-9783-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{3de8d97b-ecd4-11dd-9887-0015c5a6217c}\Shell\AutoRun\command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{3de8d97b-ecd4-11dd-9887-0015c5a6217c}\Shell\Explore\Command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{3de8d97b-ecd4-11dd-9887-0015c5a6217c}\Shell\Open\Command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{60469af5-96f6-11dd-984a-0015c5a6217c}\Shell - "" = AutoRun
O33 - MountPoints2\{60469af5-96f6-11dd-984a-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{60469af5-96f6-11dd-984a-0015c5a6217c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{60469af6-96f6-11dd-984a-0015c5a6217c}\Shell\AutoRun\command - "" = w2ngo.com
O33 - MountPoints2\{60469af6-96f6-11dd-984a-0015c5a6217c}\Shell\explore\Command - "" = w2ngo.com
O33 - MountPoints2\{60469af6-96f6-11dd-984a-0015c5a6217c}\Shell\open\Command - "" = w2ngo.com
O33 - MountPoints2\{739a898b-1191-11de-98a6-0015c5a6217c}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{7d34cde4-b4cb-11dd-9868-0015c5a6217c}\Shell\AutoRun\command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{7d34cde4-b4cb-11dd-9868-0015c5a6217c}\Shell\Explore\Command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{7d34cde4-b4cb-11dd-9868-0015c5a6217c}\Shell\Open\Command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{93f4f6bf-6b94-11dd-9833-001302c523e1}\Shell\AutoRun\command - "" = H:\WDSetup.exe -- File not found
O33 - MountPoints2\{93f4f6c1-6b94-11dd-9833-001302c523e1}\Shell - "" = AutoRun
O33 - MountPoints2\{93f4f6c1-6b94-11dd-9833-001302c523e1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a9673650-48ac-11db-9714-0015c5a6217c}\Shell\Auto\command - "" = F:\infrom.exe -- File not found
O33 - MountPoints2\{a9673650-48ac-11db-9714-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b46b24d5-3f7c-11dc-97b5-0015c5a6217c}\Shell - "" = AutoRun
O33 - MountPoints2\{b46b24d5-3f7c-11dc-97b5-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b46b24d5-3f7c-11dc-97b5-0015c5a6217c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bd010bf3-39b3-11dd-9829-001302c523e1}\Shell - "" = AutoRun
O33 - MountPoints2\{bd010bf3-39b3-11dd-9829-001302c523e1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bd010bf3-39b3-11dd-9829-001302c523e1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d2eed0e6-997c-11dd-984e-0015c5a6217c}\Shell\AutoRun\command - "" = ReCyCleR\sEtUp.exe
O33 - MountPoints2\{d2eed0e6-997c-11dd-984e-0015c5a6217c}\Shell\OpEn\CoMmAnD - "" = ReCyCleR\sEtuP.exe
O33 - MountPoints2\{dfe36e1b-f3fc-11db-9798-0015c5a6217c}\Shell - "" = AutoRun
O33 - MountPoints2\{dfe36e1b-f3fc-11db-9798-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dfe36e1b-f3fc-11db-9798-0015c5a6217c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e70a4af6-720d-11dc-97c4-0015c5a6217c}\Shell - "" = AutoRun
O33 - MountPoints2\{e70a4af6-720d-11dc-97c4-0015c5a6217c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e70a4af6-720d-11dc-97c4-0015c5a6217c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fe316b85-f92e-11dd-988d-001302c523e1}\Shell\AutoRun\command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{fe316b85-f92e-11dd-988d-001302c523e1}\Shell\Explore\Command - "" = G:\fuwuqi.exe -- File not found
O33 - MountPoints2\{fe316b85-f92e-11dd-988d-001302c523e1}\Shell\Open\Command - "" = G:\fuwuqi.exe -- File not found
[2010/05/03 08:50:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pragmabbr.dll
[2010/05/03 08:50:03 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pragmaserf.dll
[2010/05/03 08:50:00 | 000,000,147 | ---- | C] () -- C:\WINDOWS\System32\PRAGMAsrcr.dat
[2010/05/03 08:49:52 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\rcpjho.sys

:Files
C:\Windows\Tasks\At*.job

:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]
  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the red Run Fix button.
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles

Step 2
Please update MBAM and run another scan:
Start MBAM
Click on the Update tab
Click Check for Updates
If it says that MBAM needs to close to update it... let it close and then restart.
Then click the Scan button.

Don't forget:
QUOTE
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


In your next reply, please submit:
OTL fix report
New MBAM scan report


Thanks.

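The OTL fix script above removes three kinds of entry: MountPoints2 autorun commands left behind by removable drives, a Winlogon Shell value pointing at a file other than explorer.exe, and a burst of files created seconds apart under System32. As an added example (not OTL's code and not part of Starbuck's post), the Python script below parses those OTL line formats and reports why each entry is worth a second look; the KNOWN_LAUNCHERS allowlist, the 30-second burst window and the minimum burst size are assumptions made for this example, and the sample lines are copied from the fix script above.

```python
"""Triage helper for the OTL line formats quoted in this thread (added example)."""
import re
from datetime import datetime, timedelta

# Constructed sample input: lines copied from the OTL fix script posted above.
SAMPLE_OTL = r"""
O20 - HKLM Winlogon: Shell - (C:\WINDOWS\system32\NETSVCS.EXE) - C:\WINDOWS\System32\NETSVCS.EXE File not found
O33 - MountPoints2\{0d1f907b-2f94-11de-98d0-0015c5a6217c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0d1f907e-2f94-11de-98d0-0015c5a6217c}\Shell\AutoRun\command - "" = fuwuqi.exe
O33 - MountPoints2\{0d1f907e-2f94-11de-98d0-0015c5a6217c}\Shell\Open\Command - "" = fuwuqi.exe
O33 - MountPoints2\{60469af6-96f6-11dd-984a-0015c5a6217c}\Shell\AutoRun\command - "" = w2ngo.com
O33 - MountPoints2\{d2eed0e6-997c-11dd-984e-0015c5a6217c}\Shell\OpEn\CoMmAnD - "" = ReCyCleR\sEtuP.exe
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
[2010/05/03 08:50:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pragmabbr.dll
[2010/05/03 08:50:03 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pragmaserf.dll
[2010/05/03 08:50:00 | 000,000,147 | ---- | C] () -- C:\WINDOWS\System32\PRAGMAsrcr.dat
[2010/05/03 08:49:52 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\rcpjho.sys
"""

O33_RE = re.compile(r'^O33 - MountPoints2\\\{([0-9a-fA-F-]{36})\}\\Shell\\([A-Za-z]+)\\([A-Za-z]+)'
                    r' - "" = (.*?)( -- File not found)?$')
O20_RE = re.compile(r'^O20 - HKLM Winlogon: Shell - \((.+?)\) - ')
FILE_RE = re.compile(r'^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| [-\w]{4} \| C\]'
                     r' \((.*?)\) -- (.+)$')

# Assumption: launcher names that autorun.inf on retail USB sticks and CDs commonly
# registers. Anything else is reported as unexplained; this allowlist is not an OTL feature.
KNOWN_LAUNCHERS = {"launchu3.exe", "setup.exe", "setupsnk.exe", "wdsetup.exe"}


def case_flips(token):
    """Count upper/lower transitions between adjacent letters ("ReCyCleR" -> 6)."""
    letters = [c for c in token if c.isalpha()]
    return sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))


def assess_mountpoint(line):
    """Explain why an O33 MountPoints2 command entry deserves attention (None if not O33)."""
    m = O33_RE.match(line)
    if not m:
        return None
    guid, verb, action, target, missing = m.groups()
    name = target.rsplit("\\", 1)[-1].lower()
    reasons = []
    if not re.match(r"^[A-Za-z]:\\", target):
        reasons.append("relative path: resolved against the root of whatever drive is inserted")
    if name.endswith(".com"):
        reasons.append(".com is a DOS executable extension, easily mistaken for a web address")
    if "recycler" in target.lower():
        reasons.append("payload hidden under a RECYCLER folder")
    if any(case_flips(t) >= 4 for t in re.split(r"[\\./:]", target) + [verb, action]):
        reasons.append("erratic capitalisation typical of hand-written autorun.inf entries")
    if not reasons and name not in KNOWN_LAUNCHERS:
        reasons.append("launcher name not in the allowlist")
    # "File not found" on a removable-drive entry usually just means the drive is not plugged in.
    return {"guid": guid, "verb": f"{verb}\\{action}", "target": target,
            "file_found": missing is None, "reasons": reasons}


def assess_winlogon_shell(line):
    """Flag an O20 Winlogon Shell value that is anything other than explorer.exe."""
    m = O20_RE.match(line)
    if not m:
        return None
    shell = m.group(1)
    return {"shell": shell, "suspicious": shell.rsplit("\\", 1)[-1].lower() != "explorer.exe"}


def file_creation_bursts(lines, window=timedelta(seconds=30), min_size=3):
    """Group file-creation records whose timestamps lie within `window` of the previous one.
    Each record is (timestamp, size, company, path); an empty company field is what OTL
    prints as '()'. The window and minimum size are assumptions chosen for this example."""
    records = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            records.append((ts, int(m.group(2).replace(",", "")), m.group(3), m.group(4)))
    records.sort()
    bursts, current = [], []
    for rec in records:
        if current and rec[0] - current[-1][0] > window:
            if len(current) >= min_size:
                bursts.append(current)
            current = []
        current.append(rec)
    if len(current) >= min_size:
        bursts.append(current)
    return bursts


def triage(log_text):
    """Run all three checks over a chunk of OTL output."""
    lines = log_text.splitlines()
    return {"mountpoints": [r for r in map(assess_mountpoint, lines) if r],
            "winlogon": [r for r in map(assess_winlogon_shell, lines) if r],
            "bursts": file_creation_bursts(lines)}


if __name__ == "__main__":
    result = triage(SAMPLE_OTL)
    for entry in result["mountpoints"]:
        print(entry["verb"], entry["target"], "->", "; ".join(entry["reasons"]) or "known launcher")
    for entry in result["winlogon"]:
        print("Winlogon Shell =", entry["shell"], "(suspicious)" if entry["suspicious"] else "")
    for burst in result["bursts"]:
        names = [rec[3].rsplit("\\", 1)[-1] for rec in burst]
        print(len(burst), "files created within", burst[-1][0] - burst[0][0], ":", ", ".join(names))
```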


#8 ferndinho

ferndinho
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:04 AM

Posted 12 May 2010 - 10:08 PM

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\hx-1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\WINDOWS\system32\NETSVCS.EXE deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d1f907b-2f94-11de-98d0-0015c5a6217c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d1f907b-2f94-11de-98d0-0015c5a6217c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d1f907b-2f94-11de-98d0-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d1f907b-2f94-11de-98d0-0015c5a6217c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d1f907b-2f94-11de-98d0-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d1f907b-2f94-11de-98d0-0015c5a6217c}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d1f907c-2f94-11de-98d0-0015c5a6217c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d1f907c-2f94-11de-98d0-0015c5a6217c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d1f907c-2f94-11de-98d0-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d1f907c-2f94-11de-98d0-0015c5a6217c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d1f907e-2f94-11de-98d0-0015c5a6217c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d1f907e-2f94-11de-98d0-0015c5a6217c}\ not found.
File fuwuqi.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d1f907e-2f94-11de-98d0-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d1f907e-2f94-11de-98d0-0015c5a6217c}\ not found.
File fuwuqi.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d1f907e-2f94-11de-98d0-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d1f907e-2f94-11de-98d0-0015c5a6217c}\ not found.
File fuwuqi.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d503c0e-29e0-11de-98c5-0015c5a6217c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d503c0e-29e0-11de-98c5-0015c5a6217c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d503c0e-29e0-11de-98c5-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d503c0e-29e0-11de-98c5-0015c5a6217c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d503c0e-29e0-11de-98c5-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d503c0e-29e0-11de-98c5-0015c5a6217c}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18b55481-a760-11dd-985e-0015c5a6217c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18b55481-a760-11dd-985e-0015c5a6217c}\ not found.
File G:\fuwuqi.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18b55481-a760-11dd-985e-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18b55481-a760-11dd-985e-0015c5a6217c}\ not found.
File G:\fuwuqi.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18b55481-a760-11dd-985e-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18b55481-a760-11dd-985e-0015c5a6217c}\ not found.
File G:\fuwuqi.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24445071-c9a0-11db-9783-0015c5a6217c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24445071-c9a0-11db-9783-0015c5a6217c}\ not found.
File infrom.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24445071-c9a0-11db-9783-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24445071-c9a0-11db-9783-0015c5a6217c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3de8d97b-ecd4-11dd-9887-0015c5a6217c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3de8d97b-ecd4-11dd-9887-0015c5a6217c}\ not found.
File G:\fuwuqi.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3de8d97b-ecd4-11dd-9887-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3de8d97b-ecd4-11dd-9887-0015c5a6217c}\ not found.
File G:\fuwuqi.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3de8d97b-ecd4-11dd-9887-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3de8d97b-ecd4-11dd-9887-0015c5a6217c}\ not found.
File G:\fuwuqi.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60469af5-96f6-11dd-984a-0015c5a6217c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60469af5-96f6-11dd-984a-0015c5a6217c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60469af5-96f6-11dd-984a-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60469af5-96f6-11dd-984a-0015c5a6217c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60469af5-96f6-11dd-984a-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60469af5-96f6-11dd-984a-0015c5a6217c}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60469af6-96f6-11dd-984a-0015c5a6217c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60469af6-96f6-11dd-984a-0015c5a6217c}\ not found.
File w2ngo.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60469af6-96f6-11dd-984a-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60469af6-96f6-11dd-984a-0015c5a6217c}\ not found.
File w2ngo.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60469af6-96f6-11dd-984a-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60469af6-96f6-11dd-984a-0015c5a6217c}\ not found.
File w2ngo.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{739a898b-1191-11de-98a6-0015c5a6217c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739a898b-1191-11de-98a6-0015c5a6217c}\ not found.
File G:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d34cde4-b4cb-11dd-9868-0015c5a6217c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d34cde4-b4cb-11dd-9868-0015c5a6217c}\ not found.
File G:\fuwuqi.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d34cde4-b4cb-11dd-9868-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d34cde4-b4cb-11dd-9868-0015c5a6217c}\ not found.
File G:\fuwuqi.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d34cde4-b4cb-11dd-9868-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d34cde4-b4cb-11dd-9868-0015c5a6217c}\ not found.
File G:\fuwuqi.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93f4f6bf-6b94-11dd-9833-001302c523e1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93f4f6bf-6b94-11dd-9833-001302c523e1}\ not found.
File H:\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93f4f6c1-6b94-11dd-9833-001302c523e1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93f4f6c1-6b94-11dd-9833-001302c523e1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93f4f6c1-6b94-11dd-9833-001302c523e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93f4f6c1-6b94-11dd-9833-001302c523e1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9673650-48ac-11db-9714-0015c5a6217c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9673650-48ac-11db-9714-0015c5a6217c}\ not found.
File F:\infrom.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9673650-48ac-11db-9714-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9673650-48ac-11db-9714-0015c5a6217c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b46b24d5-3f7c-11dc-97b5-0015c5a6217c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b46b24d5-3f7c-11dc-97b5-0015c5a6217c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b46b24d5-3f7c-11dc-97b5-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b46b24d5-3f7c-11dc-97b5-0015c5a6217c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b46b24d5-3f7c-11dc-97b5-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b46b24d5-3f7c-11dc-97b5-0015c5a6217c}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd010bf3-39b3-11dd-9829-001302c523e1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd010bf3-39b3-11dd-9829-001302c523e1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd010bf3-39b3-11dd-9829-001302c523e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd010bf3-39b3-11dd-9829-001302c523e1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd010bf3-39b3-11dd-9829-001302c523e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd010bf3-39b3-11dd-9829-001302c523e1}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2eed0e6-997c-11dd-984e-0015c5a6217c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2eed0e6-997c-11dd-984e-0015c5a6217c}\ not found.
File C:\ReCyCleR\sEtUp.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2eed0e6-997c-11dd-984e-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2eed0e6-997c-11dd-984e-0015c5a6217c}\ not found.
File C:\ReCyCleR\sEtuP.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfe36e1b-f3fc-11db-9798-0015c5a6217c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfe36e1b-f3fc-11db-9798-0015c5a6217c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfe36e1b-f3fc-11db-9798-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfe36e1b-f3fc-11db-9798-0015c5a6217c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfe36e1b-f3fc-11db-9798-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfe36e1b-f3fc-11db-9798-0015c5a6217c}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e70a4af6-720d-11dc-97c4-0015c5a6217c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e70a4af6-720d-11dc-97c4-0015c5a6217c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e70a4af6-720d-11dc-97c4-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e70a4af6-720d-11dc-97c4-0015c5a6217c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e70a4af6-720d-11dc-97c4-0015c5a6217c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e70a4af6-720d-11dc-97c4-0015c5a6217c}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe316b85-f92e-11dd-988d-001302c523e1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe316b85-f92e-11dd-988d-001302c523e1}\ not found.
File G:\fuwuqi.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe316b85-f92e-11dd-988d-001302c523e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe316b85-f92e-11dd-988d-001302c523e1}\ not found.
File G:\fuwuqi.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe316b85-f92e-11dd-988d-001302c523e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe316b85-f92e-11dd-988d-001302c523e1}\ not found.
File G:\fuwuqi.exe not found.
C:\WINDOWS\system32\pragmabbr.dll moved successfully.
C:\WINDOWS\system32\pragmaserf.dll moved successfully.
C:\WINDOWS\system32\PRAGMAsrcr.dat moved successfully.
File move failed. C:\WINDOWS\system32\drivers\rcpjho.sys scheduled to be moved on reboot.
========== FILES ==========
C:\Windows\Tasks\At1.job moved successfully.
C:\Windows\Tasks\At10.job moved successfully.
C:\Windows\Tasks\At11.job moved successfully.
C:\Windows\Tasks\At12.job moved successfully.
C:\Windows\Tasks\At13.job moved successfully.
C:\Windows\Tasks\At14.job moved successfully.
C:\Windows\Tasks\At15.job moved successfully.
C:\Windows\Tasks\At16.job moved successfully.
C:\Windows\Tasks\At17.job moved successfully.
C:\Windows\Tasks\At18.job moved successfully.
C:\Windows\Tasks\At19.job moved successfully.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At20.job moved successfully.
C:\Windows\Tasks\At21.job moved successfully.
C:\Windows\Tasks\At22.job moved successfully.
C:\Windows\Tasks\At23.job moved successfully.
C:\Windows\Tasks\At24.job moved successfully.
C:\Windows\Tasks\At25.job moved successfully.
C:\Windows\Tasks\At26.job moved successfully.
C:\Windows\Tasks\At27.job moved successfully.
C:\Windows\Tasks\At28.job moved successfully.
C:\Windows\Tasks\At29.job moved successfully.
C:\Windows\Tasks\At3.job moved successfully.
C:\Windows\Tasks\At30.job moved successfully.
C:\Windows\Tasks\At31.job moved successfully.
C:\Windows\Tasks\At32.job moved successfully.
C:\Windows\Tasks\At33.job moved successfully.
C:\Windows\Tasks\At34.job moved successfully.
C:\Windows\Tasks\At35.job moved successfully.
C:\Windows\Tasks\At36.job moved successfully.
C:\Windows\Tasks\At37.job moved successfully.
C:\Windows\Tasks\At38.job moved successfully.
C:\Windows\Tasks\At39.job moved successfully.
C:\Windows\Tasks\At4.job moved successfully.
C:\Windows\Tasks\At40.job moved successfully.
C:\Windows\Tasks\At41.job moved successfully.
C:\Windows\Tasks\At42.job moved successfully.
C:\Windows\Tasks\At43.job moved successfully.
C:\Windows\Tasks\At44.job moved successfully.
C:\Windows\Tasks\At45.job moved successfully.
C:\Windows\Tasks\At46.job moved successfully.
C:\Windows\Tasks\At47.job moved successfully.
C:\Windows\Tasks\At48.job moved successfully.
C:\Windows\Tasks\At5.job moved successfully.
C:\Windows\Tasks\At6.job moved successfully.
C:\Windows\Tasks\At7.job moved successfully.
C:\Windows\Tasks\At8.job moved successfully.
C:\Windows\Tasks\At9.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 376 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: HelpAssistant
->Temp folder emptied: 20297917 bytes
->Temporary Internet Files folder emptied: 130917304 bytes
->Java cache emptied: 5484303 bytes
->FireFox cache emptied: 181595841 bytes
->Google Chrome cache emptied: 68851175 bytes
->Flash cache emptied: 55635 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: Matt
->Temp folder emptied: 1210735979 bytes
->Temporary Internet Files folder emptied: 218139229 bytes
->Java cache emptied: 25827624 bytes
->FireFox cache emptied: 657931240 bytes
->Google Chrome cache emptied: 594288 bytes
->Flash cache emptied: 55635 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 37950006 bytes
->Flash cache emptied: 8592 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 46729 bytes
%systemroot%\System32 .tmp files removed: 2775569 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7737664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23428444 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 273684 bytes

Total Files Cleaned = 2,473.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: HelpAssistant
->Flash cache emptied: 0 bytes

User: LocalService

User: Matt
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05122010_195236

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\rcpjho.sys scheduled to be moved on reboot.
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FOZPBD6M\index[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0UYGGQ7S\index[1].htm not found!
C:\WINDOWS\temp\$$$dq3e moved successfully.
C:\WINDOWS\temp\$67we.$ moved successfully.

Registry entries deleted on Reboot...



Will reply with the malwarebytes log....



#9 ferndinho

  • Topic Starter

  • Members
  • 12 posts
  • Local time:10:04 AM

Posted 12 May 2010 - 10:31 PM

There were two scan options... I did the quick one. There was also a full scan. Should I have done that one? Here is the log. It did say certain items were not able to be removed. It has said this before when I ran Malwarebytes.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4094

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/12/2010 8:29:21 PM
mbam-log-2010-05-12 (20-29-21).txt

Scan type: Quick scan
Objects scanned: 136600
Time elapsed: 17 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\rcpjho.sys (Rootkit.Agent) -> Delete on reboot.


#10 Starbuck


    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:04 PM

Posted 13 May 2010 - 03:35 AM

Hi ferndinho

Thanks for that.

Please remove any copy of ComboFix that you may have on your system.
Then

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

This is an example; you may rename ComboFix to anything you want.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Then:

    Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    If running Vista, you may not see this screen
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks.



#11 ferndinho

  • Topic Starter

  • Members
  • 12 posts
  • Local time:10:04 AM

Posted 14 May 2010 - 12:23 AM

ComboFix 10-05-12.04 - Matt 05/13/2010 7:41.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1530 [GMT -7:00]
Running from: c:\documents and settings\Matt\Desktop\Combo-Fix.exe
AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\microsoft 0ffice
c:\windows\ldlist.txt
c:\windows\system\oeminfo.ini
c:\windows\system32\Cache
c:\windows\system32\ctfmon .exe
c:\windows\system32\drivers\rcpjho.sys
c:\windows\system32\rundll32 .exe

----- BITS: Possible infected sites -----

hxxp://resources.zune.net
Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_rcpjho
-------\Service_rcpjho


((((((((((((((((((((((((( Files Created from 2010-04-13 to 2010-05-13 )))))))))))))))))))))))))))))))
.

2010-05-13 02:52 . 2010-05-13 02:52 -------- d-----w- C:\_OTL
2010-05-06 16:28 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-06 16:28 . 2010-05-06 16:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 16:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-03 18:53 . 2010-05-03 18:53 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-05-03 18:53 . 2010-05-03 18:53 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-05-03 18:26 . 2010-05-03 18:27 -------- d-----w- c:\documents and settings\HelpAssistant\Contacts
2010-05-03 17:55 . 2010-05-03 17:55 -------- d-----w- C:\Settings
2010-05-03 15:49 . 2010-05-06 19:11 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\qdcundrcs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 23:00 . 2009-06-24 23:46 -------- d-----w- c:\program files\Zune
2010-05-08 23:00 . 2009-07-13 02:52 -------- d-----w- c:\program files\QuickTime
2010-05-06 16:28 . 2010-01-16 17:18 -------- d-----w- c:\documents and settings\Matt\Application Data\Malwarebytes
2010-05-06 16:28 . 2010-01-14 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-06 15:35 . 2009-07-09 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-03-27 05:38 . 2007-07-12 11:09 -------- d-----w- c:\documents and settings\Matt\Application Data\uTorrent
2010-03-11 12:38 . 2005-08-16 09:18 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2005-08-16 09:18 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2005-08-16 09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-04 15:25 . 2007-07-12 11:09 319280 ----a-w- c:\program files\utorrent.exe
2010-02-24 13:11 . 2005-08-16 09:18 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2005-08-16 09:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 03:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-02-21 21:25 . 2008-02-21 21:25 1491592 ----a-w- c:\program files\install_flash_player.exe
2007-12-26 00:34 . 2007-12-26 00:26 54330664 ----a-w- c:\program files\iTunesSetup.exe
2007-10-29 12:40 . 2007-10-29 12:39 5822304 ----a-w- c:\program files\Firefox Setup 2.0.0.8.exe
2007-10-12 15:26 . 2007-10-12 15:26 17906544 ----a-w- c:\program files\Install_Messenger.exe
2007-10-05 16:37 . 2007-10-05 16:37 23876904 ----a-w- c:\program files\SkypeSetup.exe
2007-07-30 13:15 . 2007-07-30 13:15 6221304 ----a-w- c:\program files\winamp535_full_emusic-7plus.exe
2007-07-20 00:38 . 2007-07-20 00:38 9679815 ----a-w- c:\program files\vlc-0.8.6c-win32.exe
2007-07-19 22:31 . 2007-07-19 22:30 3384407 ----a-w- c:\program files\AVICodecPackPlus-22.exe
2007-07-19 22:23 . 2007-07-19 22:22 557694 ----a-w- c:\program files\dxplayer_setup.exe
2007-07-19 13:00 . 2007-07-19 13:00 795570 ----a-w- c:\program files\iv32nt95.exe
2007-07-11 22:25 . 2007-07-11 22:25 5435392 ----a-w- c:\program files\Azureus_3.0.1.6a_windows.exe
2007-06-27 00:05 . 2007-06-27 00:05 531 ----a-w- c:\program files\savetestgmat5m.dat
2007-05-28 13:01 . 2007-05-28 13:01 2056082 ----a-w- c:\program files\aresregular209_installer.exe
2007-03-03 15:59 . 2007-03-03 15:58 662868 ----a-w- c:\program files\uploadr_v2.3.exe
2007-03-03 13:25 . 2007-03-03 13:25 14993976 ----a-w- c:\program files\GoogleEarthWin_EARA.exe
2006-09-26 19:24 . 2006-11-01 02:20 4908872 ----a-w- c:\program files\picasaweb-current-setup.exe
2006-04-18 16:23 . 2006-09-20 13:34 21254280 ----a-w- c:\program files\AdbeRdr707_en_US.exe
2005-10-29 00:10 . 2006-09-20 13:34 158875461 ----a-w- c:\program files\Adobe Photoshop CS 8 en.zip
2005-08-29 01:06 . 2007-03-03 03:19 107543201 ----a-w- c:\program files\norton antivirus 2005 (spanish) + crack & activacion.zip
2005-08-28 02:30 . 2006-09-20 13:34 182042470 ----a-w- c:\program files\Adobe Photoshop CS 8 es.zip
2005-05-03 01:27 . 2006-09-20 13:35 158484857 ----a-w- c:\program files\Nero 7.0.1.2 Premium Edition (Español-Spanish) con Keygen, G.zip
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-08-27 23:35 . 2006-08-27 23:34 88 --sh--r- c:\windows\system32\90C765EBAA.sys
2006-08-27 23:35 . 2006-08-27 23:34 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
CODE
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\Zune\zunelauncher .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-29 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 15:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2010-03-18 16:18 2046816 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
c:\documents and settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 21:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
c:\program files\Eset\nod32kui.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\QTTask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-01-29 20:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
c:\program files\Zune\ZuneLauncher.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AresChatServer"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Documents and Settings\\Matt\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Matt\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_03\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=
"9100:TCP"= 9100:TCP:Printer
"427:UDP"= 427:UDP:SLP
"161:TCP"= 161:TCP:SNMP
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7694:TCP"= 7694:TCP:Services
"7693:TCP"= 7693:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"5676:TCP"= 5676:TCP:Services
"3588:TCP"= 3588:TCP:Services
"9024:TCP"= 9024:TCP:Services
"9025:TCP"= 9025:TCP:Services

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/9/2009 9:00 AM 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/9/2009 9:00 AM 297752]
S2 gupdate1c984041f14e62e;Google Update Service (gupdate1c984041f14e62e);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2009 5:29 PM 133104]
S3 {58B77937-E763-43B9-831FF5CE5F8BEA0C};{58B77937-E763-43B9-831FF5CE5F8BEA0C};\??\c:\windows\TEMP\1AE6.tmp --> c:\windows\TEMP\1AE6.tmp [?]
S3 {C53E8780-E504-410F-AE50BA2D02E9F87F};{C53E8780-E504-410F-AE50BA2D02E9F87F};c:\windows\System32\svchost.exe -k netsvcs [8/16/2005 2:18 AM 14336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/6/2007 3:22 PM 646392]
.
Contents of the 'Scheduled Tasks' folder

2010-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-01 00:29]

2010-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-01 00:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.go.com/broadband/espn360/index
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-13 07:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A5FB5F0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> 0x8a5fb5f0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> 0x898a95c0
PacketIndicateHandler -> NDIS.sys @ 0xb9cbea0d
SendHandler -> NDIS.sys @ 0xb9cd2b40
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0923CA09
malicious code @ sector 0x0923CA0C !
PE file found in sector at 0x0923CA22 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{58B77937-E763-43B9-831FF5CE5F8BEA0C}]
"ImagePath"="\??\c:\windows\TEMP\1AE6.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{C53E8780-E504-410F-AE50BA2D02E9F87F}]
"ServiceDll"="c:\docume~1\Matt\LOCALS~1\Temp\1AE2.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4228)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2010-05-13 08:08:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-13 15:07

Pre-Run: 3,251,556,352 bytes free
Post-Run: 3,088,695,296 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - B868920CBBE0EC161BD8431F3B79F13D

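The ComboFix and Gmer output in the post above carries three distinct indicator types that the helper's next instructions act on: displaced originals such as "qttask .exe" (a space inserted before the extension), services whose ImagePath or ServiceDll point at a random .tmp file under a temp directory, and the MBR detector's sector verdicts. The Python below is an added triage helper for that log format, not code from ComboFix, Gmer or this thread; the sample lines are copied from the posted log, while the sector labels, dataclass and function names are this example's own.

```python
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
c:\program files\QuickTime\qttask .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\windows\system32\rundll32 .exe
c:\windows\system32\WININET.dll
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{58B77937-E763-43B9-831FF5CE5F8BEA0C}]
"ImagePath"="\??\c:\windows\TEMP\1AE6.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{C53E8780-E504-410F-AE50BA2D02E9F87F}]
"ServiceDll"="c:\docume~1\Matt\LOCALS~1\Temp\1AE2.tmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-11 149280]
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0923CA09
malicious code @ sector 0x0923CA0C !
PE file found in sector at 0x0923CA22 !
"""

# A legitimate file name with a space before the extension ("qttask .exe"):
# the original was pushed aside so something else could take its name.
# The RenV:: directive in the helper's CFScript renames it back.
DISPLACED_RE = re.compile(
    r"^(?P<dir>[a-z]:\\.*\\)(?P<stem>[^\\\s]+) \.(?P<ext>exe|dll|sys)$", re.I)
# Service registry keys and the two values that name the code a service runs.
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]$", re.I)
SERVICE_VALUE_RE = re.compile(r'^"(?P<value>ImagePath|ServiceDll)"="(?P<target>[^"]+)"$')
# A service loading its code from a random *.tmp file in a temp directory.
TEMP_TMP_RE = re.compile(r"\\temp\\[^\\]+\.tmp$", re.I)
# Verdict lines of Gmer's MBR rootkit detector, as embedded in the log.
MBR_SECTOR_RE = re.compile(
    r"^(?P<what>copy of MBR has been found in sector|malicious code @ sector|"
    r"PE file found in sector at) (?P<sector>0x[0-9A-Fa-f]+)")
MBR_LABELS = {  # labels are this example's own, not Gmer's
    "copy of MBR has been found in sector": "mbr_copy",
    "malicious code @ sector": "malicious_code",
    "PE file found in sector at": "pe_file",
}


@dataclass
class Findings:
    displaced: list = field(default_factory=list)      # (as logged, corrected name)
    temp_services: list = field(default_factory=list)  # (service, value, target)
    mbr_sectors: dict = field(default_factory=dict)    # label -> sector number
    mbr_warning: bool = False


def triage(log_text: str) -> Findings:
    """Scan ComboFix log lines and collect the three indicator types."""
    found = Findings()
    current_service = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DISPLACED_RE.match(line)
        if m:
            found.displaced.append((line, f"{m['dir']}{m['stem']}.{m['ext']}"))
            continue
        if line.startswith("["):
            # A services key starts a new context; any other key ends it.
            m = SERVICE_KEY_RE.match(line)
            current_service = m["name"] if m else None
            continue
        m = SERVICE_VALUE_RE.match(line)
        if m and current_service and TEMP_TMP_RE.search(m["target"]):
            found.temp_services.append((current_service, m["value"], m["target"]))
            continue
        if line.startswith(("Warning: possible MBR rootkit infection",
                            "MBR rootkit infection detected")):
            found.mbr_warning = True
            continue
        m = MBR_SECTOR_RE.match(line)
        if m:
            found.mbr_sectors[MBR_LABELS[m["what"]]] = int(m["sector"], 16)
    return found


def renv_block(found: Findings) -> str:
    """Build the RenV:: section of a CFScript from the displaced files,
    listing them exactly as logged (with the space), as the helper did."""
    if not found.displaced:
        return ""
    return "RenV::\n" + "\n".join(logged for logged, _ in found.displaced) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for logged, fixed in result.displaced:
        print(f"displaced: {logged!r} -> {fixed!r}")
    for service, value, target in result.temp_services:
        print(f"temp-backed service {service}: {value} = {target}")
    print("MBR warning:", result.mbr_warning, result.mbr_sectors)
    print(renv_block(result))
```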

#12 Starbuck


    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:04 PM

Posted 14 May 2010 - 08:17 AM

Hi ferndinho

Step 1
Close any open browsers.
Close/disable all anti-virus, firewall and anti-malware programs so they do not interfere with the running of ComboFix:

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C
CODE
RenV::
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\Zune\zunelauncher .exe

Folder::
c:\documents and settings\Matt\Local Settings\Application Data\qdcundrcs

Go to the Notepad window and click Edit >> Paste
Then click File >> Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

The main ComboFix.exe program should be on your Desktop
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon
as below.


Now please wait for ComboFix to finish running.

Please Note: Do not mouse-click in the ComboFix window while it is running - this may cause your system to hang/crash.

Step 2
Download HelpAsst_mebroot_fix and save it to your desktop.
Close all other open programs and windows.
Double click the file to run it and follow any prompts.

If the tool detects an mbr infection, please allow it to run mbr -f and shut down your computer.

Upon restarting, please wait about 5 minutes, click Start >> Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.

------------------

In the event the tool does not detect an mbr infection and completes, click Start >> Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.

Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.

Give it about 5 minutes, then click Start >> Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.

In your next reply, please submit:
New combofix.txt
and reports from HelpAsst_mebroot_fix


Thanks.

Edited by Starbuck, 14 May 2010 - 09:24 AM.



#13 ferndinho

  • Topic Starter

  • Members
  • 12 posts
  • Local time:10:04 AM

Posted 15 May 2010 - 12:41 PM

Here are the two logs....

ComboFix 10-05-12.04 - Matt 05/15/2010 9:59.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1553 [GMT -7:00]
Running from: c:\documents and settings\Matt\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Matt\Desktop\CFScript.txt
AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Matt\Local Settings\Application Data\qdcundrcs

.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-04-15 to 2010-05-15 )))))))))))))))))))))))))))))))
.

2010-05-13 02:52 . 2010-05-13 02:52 -------- d-----w- C:\_OTL
2010-05-06 16:28 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-06 16:28 . 2010-05-06 16:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 16:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-03 18:53 . 2010-05-03 18:53 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-05-03 18:53 . 2010-05-03 18:53 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-05-03 18:26 . 2010-05-03 18:27 -------- d-----w- c:\documents and settings\HelpAssistant\Contacts
2010-05-03 17:55 . 2010-05-03 17:55 -------- d-----w- C:\Settings
2010-04-19 21:59 . 2010-04-19 21:59 255472 ----a-w- c:\documents and settings\Matt\Application Data\Mozilla\plugins\npgoogletalk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 16:59 . 2009-07-13 02:52 -------- d-----w- c:\program files\QuickTime
2010-05-15 16:59 . 2009-06-24 23:46 -------- d-----w- c:\program files\Zune
2010-05-06 16:28 . 2010-01-16 17:18 -------- d-----w- c:\documents and settings\Matt\Application Data\Malwarebytes
2010-05-06 16:28 . 2010-01-14 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-06 15:35 . 2009-07-09 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-03-27 05:38 . 2007-07-12 11:09 -------- d-----w- c:\documents and settings\Matt\Application Data\uTorrent
2010-03-11 12:38 . 2005-08-16 09:18 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2005-08-16 09:18 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2005-08-16 09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 20:48 . 2009-10-02 03:56 144053 ----a-w- c:\documents and settings\Matt\Application Data\Move Networks\uninstall.exe
2010-03-05 20:48 . 2010-02-11 19:31 5640640 ----a-w- c:\documents and settings\Matt\Application Data\Move Networks\plugins\071802000001\npqmp071802000001.dll
2010-03-04 15:25 . 2007-07-12 11:09 319280 ----a-w- c:\program files\utorrent.exe
2010-02-24 13:11 . 2005-08-16 09:18 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2005-08-16 09:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 03:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-02-21 21:25 . 2008-02-21 21:25 1491592 ----a-w- c:\program files\install_flash_player.exe
2007-12-26 00:34 . 2007-12-26 00:26 54330664 ----a-w- c:\program files\iTunesSetup.exe
2007-10-29 12:40 . 2007-10-29 12:39 5822304 ----a-w- c:\program files\Firefox Setup 2.0.0.8.exe
2007-10-12 15:26 . 2007-10-12 15:26 17906544 ----a-w- c:\program files\Install_Messenger.exe
2007-10-05 16:37 . 2007-10-05 16:37 23876904 ----a-w- c:\program files\SkypeSetup.exe
2007-07-30 13:15 . 2007-07-30 13:15 6221304 ----a-w- c:\program files\winamp535_full_emusic-7plus.exe
2007-07-20 00:38 . 2007-07-20 00:38 9679815 ----a-w- c:\program files\vlc-0.8.6c-win32.exe
2007-07-19 22:31 . 2007-07-19 22:30 3384407 ----a-w- c:\program files\AVICodecPackPlus-22.exe
2007-07-19 22:23 . 2007-07-19 22:22 557694 ----a-w- c:\program files\dxplayer_setup.exe
2007-07-19 13:00 . 2007-07-19 13:00 795570 ----a-w- c:\program files\iv32nt95.exe
2007-07-11 22:25 . 2007-07-11 22:25 5435392 ----a-w- c:\program files\Azureus_3.0.1.6a_windows.exe
2007-06-27 00:05 . 2007-06-27 00:05 531 ----a-w- c:\program files\savetestgmat5m.dat
2007-05-28 13:01 . 2007-05-28 13:01 2056082 ----a-w- c:\program files\aresregular209_installer.exe
2007-03-03 15:59 . 2007-03-03 15:58 662868 ----a-w- c:\program files\uploadr_v2.3.exe
2007-03-03 13:25 . 2007-03-03 13:25 14993976 ----a-w- c:\program files\GoogleEarthWin_EARA.exe
2006-09-26 19:24 . 2006-11-01 02:20 4908872 ----a-w- c:\program files\picasaweb-current-setup.exe
2006-04-18 16:23 . 2006-09-20 13:34 21254280 ----a-w- c:\program files\AdbeRdr707_en_US.exe
2005-10-29 00:10 . 2006-09-20 13:34 158875461 ----a-w- c:\program files\Adobe Photoshop CS 8 en.zip
2005-08-29 01:06 . 2007-03-03 03:19 107543201 ----a-w- c:\program files\norton antivirus 2005 (spanish) + crack & activacion.zip
2005-08-28 02:30 . 2006-09-20 13:34 182042470 ----a-w- c:\program files\Adobe Photoshop CS 8 es.zip
2005-05-03 01:27 . 2006-09-20 13:35 158484857 ----a-w- c:\program files\Nero 7.0.1.2 Premium Edition (Español-Spanish) con Keygen, G.zip
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-08-27 23:35 . 2006-08-27 23:34 88 --sh--r- c:\windows\system32\90C765EBAA.sys
2006-08-27 23:35 . 2006-08-27 23:34 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-29 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 15:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2010-03-18 16:18 2046816 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 21:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 14:50 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-01-29 20:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 22:38 158448 ----a-w- c:\program files\Zune\zunelauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AresChatServer"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Documents and Settings\\Matt\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Matt\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_03\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=
"9100:TCP"= 9100:TCP:Printer
"427:UDP"= 427:UDP:SLP
"161:TCP"= 161:TCP:SNMP
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7694:TCP"= 7694:TCP:Services
"7693:TCP"= 7693:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"5676:TCP"= 5676:TCP:Services
"3588:TCP"= 3588:TCP:Services
"9024:TCP"= 9024:TCP:Services
"9025:TCP"= 9025:TCP:Services
"8196:TCP"= 8196:TCP:Services
"8197:TCP"= 8197:TCP:Services

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/9/2009 9:00 AM 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/9/2009 9:00 AM 297752]
S2 gupdate1c984041f14e62e;Google Update Service (gupdate1c984041f14e62e);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2009 5:29 PM 133104]
S3 {58B77937-E763-43B9-831FF5CE5F8BEA0C};{58B77937-E763-43B9-831FF5CE5F8BEA0C};\??\c:\windows\TEMP\1AE6.tmp --> c:\windows\TEMP\1AE6.tmp [?]
S3 {C53E8780-E504-410F-AE50BA2D02E9F87F};{C53E8780-E504-410F-AE50BA2D02E9F87F};c:\windows\System32\svchost.exe -k netsvcs [8/16/2005 2:18 AM 14336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/6/2007 3:22 PM 646392]
.
Contents of the 'Scheduled Tasks' folder

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-01 00:29]

2010-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-01 00:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/forums/topic315657.html
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Google Update - c:\documents and settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-nod32kui - c:\program files\Eset\nod32kui.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-15 10:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{58B77937-E763-43B9-831FF5CE5F8BEA0C}]
"ImagePath"="\??\c:\windows\TEMP\1AE6.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{C53E8780-E504-410F-AE50BA2D02E9F87F}]
"ServiceDll"="c:\docume~1\Matt\LOCALS~1\Temp\1AE2.tmp"
.
Completion time: 2010-05-15 10:11:28
ComboFix-quarantined-files.txt 2010-05-15 17:11
ComboFix2.txt 2010-05-13 15:08

Pre-Run: 3,083,165,696 bytes free
Post-Run: 3,045,982,208 bytes free

- - End Of File - - 7346DCEFE3181F79E82D9BDE735F0804



C:\Documents and Settings\Matt\Desktop\HelpAsst_mebroot_fix.exe
Sat 05/15/2010 at 10:12:36.62

HelpAssistant account is Active ~ attempting to de-activate

Account active Yes
Local Group Memberships *Administrators

HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove
termsrv32.dll successfully removed

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"7693:TCP"=-
"7694:TCP"=-
"3389:TCP"=-
"3588:TCP"=-
"5676:TCP"=-
"9024:TCP"=-
"9025:TCP"=-
"8196:TCP"=-
"8197:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"7694:TCP"=-
"7693:TCP"=-
"3389:TCP"=-
"5676:TCP"=-
"3588:TCP"=-
"9024:TCP"=-
"9025:TCP"=-
"8196:TCP"=-
"8197:TCP"=-

~~ Checking profile list ~~

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-152213506-2294905537-3966022560-1004
HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant ~ attempting to remove
~ All C:\Documents and Settings\HelpAssistant files successfully removed ~

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Sat 05/15/2010 at 10:39:53.67

Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0923CA09
malicious code @ sector 0x0923CA0C !
PE file found in sector at 0x0923CA22 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~
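
As an added example (not code from this thread, from ComboFix, or from HelpAsst_mebroot_fix), the following Python checker reads log text in the formats posted above and pulls out the indicators the helper acted on: GloballyOpenPorts entries outside an allow-list, a firewall profile with EnableFirewall set to 0, services whose image path points into a Temp directory, and the HelpAssistant account state from the HelpAsst output. The allow-list of expected ports and both sample excerpts are assumptions constructed for this example from lines in the thread.

```python
"""Checker for indicators seen in ComboFix / HelpAsst_mebroot_fix style logs.

Added example for this thread, not code from either tool. The allow-list and
the sample excerpts are assumptions constructed from lines in the thread.
"""
import re

# Assumed allow-list: ports this machine's own services legitimately open
# (printer, SLP, SNMP). Anything else in a GloballyOpenPorts\List key is flagged.
EXPECTED_OPEN_PORTS = {"9100:TCP", "427:UDP", "161:TCP"}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"=')
# ComboFix service lines: "<start type> <name>;<display name>;<image path> [...]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*)$")

# Constructed excerpt in the ComboFix format used in the thread.
SAMPLE_COMBOFIX = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=
"9100:TCP"= 9100:TCP:Printer
"427:UDP"= 427:UDP:SLP
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"7694:TCP"= 7694:TCP:Services

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/9/2009 9:00 AM 297752]
S3 {58B77937-E763-43B9-831FF5CE5F8BEA0C};{58B77937-E763-43B9-831FF5CE5F8BEA0C};\??\c:\windows\TEMP\1AE6.tmp --> c:\windows\TEMP\1AE6.tmp [?]
"""

# Constructed excerpt in the HelpAsst_mebroot_fix format used in the thread.
SAMPLE_HELPASST = """\
HelpAssistant account is Active ~ attempting to de-activate

Account active Yes
Local Group Memberships *Administrators
"""


def parse_sections(text):
    """Return {lower-cased registry key: [non-blank lines]} for each [key] block.

    A blank line ends the current block, which is how ComboFix separates them.
    """
    sections, current = {}, None
    for line in text.splitlines():
        match = SECTION_RE.match(line)
        if match:
            current = match.group("key").lower()
            sections[current] = []
        elif not line.strip():
            current = None
        elif current is not None:
            sections[current].append(line)
    return sections


def unexpected_open_ports(text, expected=EXPECTED_OPEN_PORTS):
    """Ports opened under any GloballyOpenPorts\\List key that are not allow-listed."""
    flagged = []
    for key, lines in parse_sections(text).items():
        if not key.endswith("globallyopenports\\list"):
            continue
        for line in lines:
            match = PORT_RE.match(line)
            if match and match.group("port") not in expected:
                flagged.append(match.group("port"))
    return flagged


def firewall_disabled(text):
    """True if any firewall profile block carries EnableFirewall = 0."""
    for key, lines in parse_sections(text).items():
        if "firewallpolicy" in key and any(
            line.startswith('"EnableFirewall"= 0') for line in lines
        ):
            return True
    return False


def suspicious_services(text):
    """Names of services whose image path lives in a Temp directory or a .tmp file."""
    hits = []
    for line in text.splitlines():
        match = SERVICE_RE.match(line)
        if match:
            path = match.group("path").lower()
            if "\\temp\\" in path or ".tmp" in path:
                hits.append(match.group("name"))
    return hits


def helpassistant_active(text):
    """True if HelpAsst output shows the account active and in Administrators."""
    active = re.search(r"^Account active\s+Yes", text, re.M) is not None
    admin = re.search(r"^Local Group Memberships\s+\*Administrators", text, re.M) is not None
    return active and admin


if __name__ == "__main__":
    print("unexpected open ports:", unexpected_open_ports(SAMPLE_COMBOFIX))
    print("firewall disabled:", firewall_disabled(SAMPLE_COMBOFIX))
    print("services in Temp:", suspicious_services(SAMPLE_COMBOFIX))
    print("HelpAssistant active admin:", helpassistant_active(SAMPLE_HELPASST))
```

Run against the constructed excerpt it reports the three ports the helper later closed, the disabled standard profile, the service loading from c:\windows\TEMP, and the active HelpAssistant account; on a clean ComboFix log the first three come back empty or False. The allow-list is deliberately small so that anything a cleanup did not expect stands out for review rather than being silently accepted.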



#14 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:04 PM

Posted 15 May 2010 - 12:59 PM

Hi ferndinho

Nice work
We're getting somewhere now.

Let's remove your temp files and get a fresh OTL scan now.

Step 1

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Step 2
Double click on OTL.exe to run it.
  • Under Extra Registry section, select Use SafeList.
  • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

In your next reply, please submit:
both reports from OTL

Btw, how's the system running now?

Thanks.



#15 ferndinho

ferndinho
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:04 AM

Posted 15 May 2010 - 09:43 PM


Thanks for your help so far! The computer is running better now...doesn't sound like there are processes going on in the background anymore. How do things look from your view? I will continue to use it and let you know how it goes. In the meantime let me know what other steps are necessary. I appreciate it!

Here are the next two...

OTL logfile created on: 5/15/2010 7:34:46 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.23 Gb Total Space | 2.83 Gb Free Space | 5.52% Space Free | Partition Type: NTFS
Drive D: | 17.21 Gb Total Space | 17.14 Gb Free Space | 99.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP-MATTHEW
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Matt\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- File not found
SRV - (ZuneWlanCfgSvc) -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (ZuneBusEnum) -- C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (zumbus) -- C:\WINDOWS\system32\drivers\zumbus.sys (Microsoft Corporation)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) QuickCam for Notebooks Deluxe(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (Jukebox) -- C:\WINDOWS\system32\drivers\ctpdusb2.sys (Creative Technology Ltd.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={sea...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/forums/t/315657/rootkit/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {8be51513-0433-45c1-9203-7b45019df871}:1.0.3
FF - prefs.js..extensions.enabledItems: es-es@dictionaries.addons.mozilla.org:1.2.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.19.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07074039
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6


[2008/06/29 11:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mozilla\Extensions
[2009/10/01 20:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vdk1hrho.default\extensions
[2008/06/13 06:22:52 | 000,000,000 | ---D | M] (CSSViewer) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vdk1hrho.default\extensions\{8be51513-0433-45c1-9203-7b45019df871}
[2008/05/30 04:51:42 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vdk1hrho.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/01/31 05:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vdk1hrho.default\extensions\es-es@dictionaries.addons.mozilla.org
[2008/01/10 18:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\vdk1hrho.default\extensions\firebug@software.joehewitt.com

O1 HOSTS File: ([2010/05/13 07:54:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su/...15105/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/15 19:31:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/15 19:29:55 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\TFC.exe
[2010/05/15 10:12:37 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2010/05/13 07:29:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/12 19:52:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/10 17:12:31 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2010/05/06 09:28:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/06 09:28:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/06 09:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/06 09:24:20 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matt\Desktop\mbam-setup-1.46.exe
[2010/05/06 09:16:34 | 005,240,192 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matt\Desktop\mbam-rules.exe
[2010/05/03 10:55:29 | 000,000,000 | ---D | C] -- C:\Settings
[2010/05/03 10:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/03 09:49:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[1 C:\Documents and Settings\Matt\Desktop\*.tmp files -> C:\Documents and Settings\Matt\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/15 19:33:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/15 19:32:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/15 19:32:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/15 19:32:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/15 19:32:46 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/15 19:31:43 | 011,272,192 | -H-- | M] () -- C:\Documents and Settings\Matt\NTUSER.DAT
[2010/05/15 19:31:43 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Matt\ntuser.ini
[2010/05/15 19:29:57 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\TFC.exe
[2010/05/15 10:13:17 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/15 10:08:21 | 000,000,275 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/15 09:47:23 | 000,489,984 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\HelpAsst_mebroot_fix.exe
[2010/05/15 09:43:51 | 060,009,113 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/13 07:54:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/13 07:29:27 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/05/13 07:11:07 | 003,687,542 | R--- | M] () -- C:\Documents and Settings\Matt\Desktop\Combo-Fix.exe
[2010/05/10 16:39:56 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2010/05/08 15:52:45 | 000,471,510 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\cc_20100508_155229.reg
[2010/05/06 09:19:50 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matt\Desktop\mbam-setup-1.46.exe
[2010/05/06 09:19:20 | 000,059,664 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\mbam-clean.exe
[2010/05/06 09:13:22 | 005,240,192 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matt\Desktop\mbam-rules.exe
[2010/05/06 08:46:22 | 000,366,592 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\rkill.com.XML
[2010/05/03 10:55:29 | 000,000,711 | ---- | M] () -- C:\Settings.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 21:04:16 | 000,146,432 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/27 21:02:03 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[1 C:\Documents and Settings\Matt\Desktop\*.tmp files -> C:\Documents and Settings\Matt\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/15 10:24:01 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\Matt\mbr.log
[2010/05/15 09:47:21 | 000,489,984 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\HelpAsst_mebroot_fix.exe
[2010/05/13 07:40:39 | 2137,456,640 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/13 07:29:27 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/05/13 07:29:20 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/13 07:11:07 | 003,687,542 | R--- | C] () -- C:\Documents and Settings\Matt\Desktop\Combo-Fix.exe
[2010/05/08 15:52:33 | 000,471,510 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\cc_20100508_155229.reg
[2010/05/06 09:24:16 | 000,059,664 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\mbam-clean.exe
[2010/05/06 08:50:00 | 000,263,168 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\rkill.com
[2010/05/06 08:49:48 | 000,366,592 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\rkill.com.XML
[2010/05/03 10:55:29 | 000,000,711 | ---- | C] () -- C:\Settings.ini
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/06/05 11:25:23 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\hpsfs.dll
[2009/02/15 15:05:06 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/01/03 13:51:13 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/12/13 07:22:20 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/18 18:18:50 | 000,000,145 | ---- | C] () -- C:\WINDOWS\pipo.INI
[2008/04/09 16:00:30 | 000,053,478 | ---- | C] () -- C:\WINDOWS\mvtcpui.ini
[2008/02/19 20:46:56 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/04 15:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/02/03 14:47:11 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/01/01 13:18:51 | 000,000,074 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2007/12/11 20:36:29 | 000,000,150 | ---- | C] () -- C:\WINDOWS\MetroTimer.ini
[2007/06/16 05:11:56 | 000,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2007/03/04 19:16:06 | 000,000,583 | RH-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/09/20 19:48:17 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/15 18:47:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/27 16:34:45 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/27 16:34:45 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\90C765EBAA.sys
[2006/08/27 16:32:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/29 12:33:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/29 12:20:54 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
[2006/07/29 12:18:49 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/07/29 12:14:39 | 000,000,185 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/29 11:41:56 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2005/08/16 02:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 12:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 12:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/06 11:42:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 16:04:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 16:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 16:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
< End of report >



OTL Extras logfile created on: 5/15/2010 7:34:46 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.23 Gb Total Space | 2.83 Gb Free Space | 5.52% Space Free | Partition Type: NTFS
Drive D: | 17.21 Gb Total Space | 17.14 Gb Free Space | 99.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP-MATTHEW
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"" =
"9100:TCP" = 9100:TCP:*:Enabled:Printer
"427:UDP" = 427:UDP:*:Enabled:SLP
"161:TCP" = 161:TCP:*:Enabled:SNMP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\utorrent.exe" = C:\Program Files\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" = C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe:*:Enabled:JustVoip -- (JustVoip)
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- ()
"C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe" = C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BB42024-D62A-33F5-B883-52069E2C9668}" = Google Talk Plugin
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C1388BE-AD32-47BC-B51F-A37F1245203C}" = RICOH Media Driver
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00B2-041D-0000-0000000FF1CE}" = Microsoft-tillägget Spara som PDF eller XPS för Microsoft Office 2007-program
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A66B369B-2927-8B02-ADF7-5BC0FE941033}" = Nero 7 Demo
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F3D7915D-6B42-49FA-9FC8-5020479A6A57}" = Nero Reloaded PlugIn Pack 2.0.4 by GEAR
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"3635FC5A3FE7DACCEF2123BDBDA808BA811B977B" = Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
"452416B030C25BAA383F3DA368FECD5D48FAE727" = Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AVG8Uninstall" = AVG Free 8.5
"AVIcodec" = AVIcodec (remove only)
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.00
"F631A62FA5E06534A0FE3637D75AAA5B1D3E4FB7" = Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
"FileZilla Client" = FileZilla Client 3.0.7
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"JustVoip_is1" = JustVoip
"legacyqcam_10.51" = Logitech Legacy USB Camera Driver Package
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Magic ISO Maker v5.5 (build 0261)" = Magic ISO Maker v5.5 (build 0261)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel® PROSet/Wireless Software
"Rhapsody" = Rhapsody
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
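
The Extras log above is raw OTL output, and the items a responder actually cares about in it (the Windows Firewall being off for the standard profile, the printer, SLP and SNMP ports opened to any remote address, vendor keys that switch off Security Center monitoring, and the `exefile`/`comfile` shell-spawning commands that malware likes to hijack) are buried among hundreds of benign lines. The script below is an added example, not part of the original post and not OTL's own code: it parses the `[key]` / `"name" = value` format OTL uses for the Security Center and firewall sections, plus the `type [verb] -- command` lines of the Shell Spawning section, and prints the settings worth explaining. `SAMPLE_EXTRAS` is a constructed excerpt that copies the format and values of the sections shown above; the function names, the finding texts and the `hijack` line used in the checks are assumptions for illustration.

```python
import re
from typing import Dict, List

# Constructed excerpt in the format of the OTL Extras sections above (not the full log).
SAMPLE_EXTRAS = r'''
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"" =
"9100:TCP" = 9100:TCP:*:Enabled:Printer
"427:UDP" = 427:UDP:*:Enabled:SLP
"161:TCP" = 161:TCP:*:Enabled:SNMP
'''

SECTION_RE = re.compile(r'^\[(.+)\]$')                 # [HKEY_...\Key]
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')       # "name" = value
SHELL_RE = re.compile(r'^(\w+) \[(\w+)\] -- (.*)$')    # exefile [open] -- "%1" %*
FW_POLICY = r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
SEC_CENTER = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center'
# Stock XP shell\open\command values for executable types; anything else needs a look.
DEFAULT_OPEN = {t: '"%1" %*' for t in ('batfile', 'cmdfile', 'comfile', 'exefile', 'piffile')}


def parse_registry_blocks(text: str) -> Dict[str, Dict[str, str]]:
    """Turn OTL's [key] / "name" = value lines into {key: {name: value}}."""
    blocks: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            blocks.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            blocks[current][m.group(1)] = m.group(2).strip()
    return blocks


def firewall_findings(blocks: Dict[str, Dict[str, str]]) -> List[str]:
    """Flag a disabled profile and GloballyOpenPorts entries that are Enabled with scope '*'."""
    findings: List[str] = []
    for profile in ('DomainProfile', 'StandardProfile'):
        prof = blocks.get(f'{FW_POLICY}\\{profile}', {})
        if prof.get('EnableFirewall') == '0':
            findings.append(f'{profile}: Windows Firewall disabled (EnableFirewall = 0)')
        ports = blocks.get(f'{FW_POLICY}\\{profile}\\GloballyOpenPorts\\List', {})
        for name, value in ports.items():
            parts = value.split(':')          # port:proto:scope:state:label
            if not name or len(parts) < 5:
                continue
            port, proto, scope, state, label = parts[0], parts[1], parts[2], parts[3], ':'.join(parts[4:])
            if state == 'Enabled' and scope == '*':
                findings.append(f'{profile}: {port}/{proto} ({label}) open to any remote address')
    return findings


def security_center_findings(blocks: Dict[str, Dict[str, str]]) -> List[str]:
    """Flag notification overrides and vendor Monitoring keys that suppress Security Center."""
    findings: List[str] = []
    root = blocks.get(SEC_CENTER, {})
    for name in ('AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify',
                 'AntiVirusOverride', 'FirewallOverride'):
        if root.get(name) == '1':
            findings.append(f'Security Center: {name} = 1')
    prefix = SEC_CENTER + '\\Monitoring\\'
    for key, values in blocks.items():
        if key.startswith(prefix) and values.get('DisableMonitoring') == '1':
            findings.append(f'Security Center: monitoring disabled for {key[len(prefix):]}')
    return findings


def shell_spawn_findings(text: str) -> List[str]:
    """Flag executable file types whose [open] command is not the stock "%1" %*."""
    findings: List[str] = []
    for raw in text.splitlines():
        m = SHELL_RE.match(raw.strip())
        if not m:
            continue
        ftype, verb, command = m.groups()
        expected = DEFAULT_OPEN.get(ftype)
        if verb == 'open' and expected is not None and command.strip() != expected:
            findings.append(f'{ftype} [{verb}] is {command.strip()}, expected {expected}')
    return findings


def triage(text: str) -> List[str]:
    blocks = parse_registry_blocks(text)
    return firewall_findings(blocks) + security_center_findings(blocks) + shell_spawn_findings(text)


if __name__ == '__main__':
    for finding in triage(SAMPLE_EXTRAS):
        print(finding)
```

Read the output with the usual caveats: a `DisableMonitoring = 1` key under a vendor name is routinely left behind when that vendor's product is uninstalled, so it is a setting to confirm and clean up rather than evidence of tampering; the shell-spawning check only reports a deviation from the XP default, and on this log all of the executable types still show the stock `"%1" %*`, which is what a responder wants to see after a run of malware that targeted `exefile`.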
