CiceroWndFrame virus? and Auto Updates Off when showing ON


This topic is locked. 16 replies to this topic.

#1 paulegt

Posted 24 April 2011 - 06:16 AM

Previous topic here: http://www.bleepingcomputer.com/forums/topic392101.html ~ OB

Hi all, I think I might be infected with the above virus; obviously you will be better judges than me.
Please help me with how to solve my issues with the PC.
I have already run a Malwarebytes Anti-Malware full scan with nothing found and also done a full scan with Avast! antivirus with nothing found either.
When I shut down I get a window about closing the CiceroWndFrame, or something like that. Plus the Automatic Updates is showing as Off, although when you go to change the settings they already say ON.

Many Thanks

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Then post your DDS and GMER logs as a reply to this topic. Once you have done that I will remove my reply and consolidate the posts so that you retain your correct place in the queue.

If you can produce at least some of the logs, then please explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

I managed to create the DDS logs, but when trying to run GMER it just restarted the computer each time. I followed the guide to the letter, stopped CD emulation etc.

Here are the DDS logs:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by HomeXP at 9:28:33.20 on 25/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1535.1012 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Sygate\SPF\smc.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\HomeXP\Desktop\Virus Solving\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
uURLSearchHooks: SweetIM For Internet Explorer: {bc4ffe41-de9f-46fa-b455-aad49b9f9938} - c:\program files\macrogaming\sweetimbarforie\toolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: SweetIM For Internet Explorer: {bc4ffe41-de9f-46fa-b455-aad49b9f9938} - c:\program files\macrogaming\sweetimbarforie\toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [NPSStartup]
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\homexp\startm~1\programs\startup\sygate~1.lnk - c:\program files\sygate\spf\Smc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\homexp\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bq.bp.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247478306203
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247478297015
DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} - hxxps://register.btinternet.com/templates/btmailcontrol013.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://www.sc-server1.bt.com/broadband/MotivePreQual.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-12 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-2-28 28552]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-28 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-11-25 301528]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-11-23 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 67656]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-11-25 1858144]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-25 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-22 42184]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-3-20 233472]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-3-20 36608]
S2 gupdate1c98ae7ef12ef26;Google Update Service (gupdate1c98ae7ef12ef26);c:\program files\google\update\GoogleUpdate.exe [2009-2-9 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-4-26 13224]
S3 iadusb;BT Voyager 205 ADSL Router;c:\windows\system32\drivers\glauiad.sys [2005-5-24 30371]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [2005-5-11 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [2005-5-11 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [2005-5-11 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [2005-5-11 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [2005-5-11 77072]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 12872]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2011-3-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2011-3-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2011-3-20 121856]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S4 vsdatant;vsdatant; [x]
.
=============== Created Last 30 ================
.
2011-04-24 09:55:41 17544 ------w- c:\windows\system32\drivers\RkPavproc1.sys
2011-04-23 19:25:09 -------- d-----w- c:\program files\CCleaner
2011-04-14 02:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2003-04-11 14:11:34 520192 -csha-w- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe
.
============= FINISH: 9:34:00.73 ===============


OTHER DDS LOG IS AS AN ATTACHMENT

EDIT: Posts merged ~Budapest

Edited by Orange Blossom, 26 April 2011 - 11:02 PM.
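A small triage script for the DDS log sections posted above, added here as an example; it is not part of the thread and not the DDS tool's own code. It parses lines in the shape DDS prints (the Pseudo HJT Report, the SERVICES / DRIVERS list and the Created Last 30 list) and flags the entries a malware-removal helper usually verifies first: BHO or toolbar registrations whose file is gone, empty Run keys, services whose binary is missing or whose path DDS could not verify, and kernel drivers created in the last few days. The sample lines, the category names and the seven-day window are constructed for the example; the flags are prompts to check, not verdicts, since every one of them also has a benign explanation.

```python
"""Triage helper for DDS log output (added example, not from the thread or the DDS tool).

The heuristics and the sample below are constructed for illustration; the sample
lines are modelled on the format of the log posted in this thread."""
import re
from datetime import date

# Constructed sample in the shape DDS emits.
SAMPLE_LOG = """\
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} -
mRun: [NPSStartup]
mRun: [avast5] c:\\progra~1\\alwils~1\\avast5\\avastUI.exe /nogui
R0 pavboot;pavboot;c:\\windows\\system32\\drivers\\pavboot.sys [2011-2-28 28552]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\\program files\\viewpoint\\common\\viewpointservice.exe" --> c:\\program files\\viewpoint\\common\\ViewpointService.exe [?]
S4 vsdatant;vsdatant; [x]
2011-04-24 09:55:41 17544 ------w- c:\\windows\\system32\\drivers\\RkPavproc1.sys
2011-04-23 19:25:09 -------- d-----w- c:\\program files\\CCleaner
"""
SAMPLE_LOG_DATE = date(2011, 4, 25)  # the "Run by" date the constructed sample assumes

RUN_RE = re.compile(r'^[umd]Run(?:Once)?: \[[^\]]*\](.*)$')
SERVICE_RE = re.compile(r'^[RS][0-4] [^;]+;[^;]*;(.*)$')
SERVICE_STAMP_RE = re.compile(r'\[(\d{4})-(\d{1,2})-(\d{1,2}) \d+\]$')
CREATED_RE = re.compile(r'^(\d{4})-(\d{2})-(\d{2}) \d{2}:\d{2}:\d{2} +(\S+) \S{8} (.+)$')


def _age_days(today, y, m, d):
    return (today - date(int(y), int(m), int(d))).days


def triage(log_text, today, recent_days=7):
    """Return a list of (category, line) for entries worth verifying first.
    Every category also has benign explanations; treat hits as questions."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        # ProxyOverride=127.0.0.1 by itself is common and harmless; it matters
        # when a ProxyServer line sits next to it, which DDS would also print.
        if line.startswith('uInternet Settings,Proxy'):
            findings.append(('proxy-setting', line))
            continue
        # BHO/toolbar CLSIDs whose DLL is gone: uninstall leftovers, or a removal
        # that cleaned the file but not the registration.
        if line.startswith(('BHO:', 'TB:')) and (line.endswith('No File') or line.endswith(' -')):
            findings.append(('orphan-com-entry', line))
            continue
        # Run keys with an empty command are dead entries: clean-up, not alarm.
        m = RUN_RE.match(line)
        if m:
            if not m.group(1).strip():
                findings.append(('empty-run-key', line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            tail = m.group(1).strip()
            if tail.endswith('[x]'):            # DDS could not find the binary at all
                findings.append(('service-binary-missing', line))
            elif '-->' in tail or tail.endswith('[?]'):  # path could not be verified
                findings.append(('service-path-unverified', line))
            else:
                s = SERVICE_STAMP_RE.search(tail)
                if s and _age_days(today, *s.groups()) <= recent_days:
                    findings.append(('recent-service-binary', line))
            continue
        # "Created Last 30": a kernel driver that appeared in the last few days
        # should be matched against what the user installed (scanners drop
        # drivers too, so this is a question, not an accusation).
        m = CREATED_RE.match(line)
        if m:
            y, mo, d, _size, path = m.groups()
            low = path.lower()
            if low.endswith('.sys') and '\\drivers\\' in low and _age_days(today, y, mo, d) <= recent_days:
                findings.append(('recent-kernel-driver', line))
    return findings


def categories(findings):
    return sorted({c for c, _ in findings})


def triage_sample(recent_days=7):
    return triage(SAMPLE_LOG, SAMPLE_LOG_DATE, recent_days)


if __name__ == '__main__':
    for cat, line in triage_sample():
        print(f'{cat:24} {line}')
```

Run against the constructed sample it reports seven entries across six categories; widening `recent_days` to 60 also pulls in the `pavboot` service whose file stamp is 56 days before the sample's run date, which is how you would tune the window to the "Created Last 30" horizon DDS itself uses.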


#2 Orange Blossom (Moderator)

Posted 02 May 2011 - 11:28 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom


#3 paulegt (Topic Starter)

Posted 03 May 2011 - 01:52 PM

Hi, thank you for your response :)

Here is the fresh DDS log:



.
DDS (Ver_11-03-05.01) - NTFSx86
Run by HomeXP at 19:41:53.03 on 03/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1535.1135 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HomeXP\Desktop\Virus Solving\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
uURLSearchHooks: SweetIM For Internet Explorer: {bc4ffe41-de9f-46fa-b455-aad49b9f9938} - c:\program files\macrogaming\sweetimbarforie\toolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: SweetIM For Internet Explorer: {bc4ffe41-de9f-46fa-b455-aad49b9f9938} - c:\program files\macrogaming\sweetimbarforie\toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [NPSStartup]
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\homexp\startm~1\programs\startup\sygate~1.lnk - c:\program files\sygate\spf\Smc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\homexp\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bq.bp.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247478306203
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247478297015
DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} - hxxps://register.btinternet.com/templates/btmailcontrol013.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://www.sc-server1.bt.com/broadband/MotivePreQual.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-12 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-2-28 28552]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-28 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-11-25 301528]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-11-23 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 67656]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-11-25 1858144]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-25 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-22 42184]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-3-20 233472]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-3-20 36608]
S2 gupdate1c98ae7ef12ef26;Google Update Service (gupdate1c98ae7ef12ef26);c:\program files\google\update\GoogleUpdate.exe [2009-2-9 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-4-26 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-9 133104]
S3 iadusb;BT Voyager 205 ADSL Router;c:\windows\system32\drivers\glauiad.sys [2005-5-24 30371]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [2005-5-11 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [2005-5-11 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [2005-5-11 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [2005-5-11 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [2005-5-11 77072]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 12872]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2011-3-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2011-3-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2011-3-20 121856]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S4 vsdatant;vsdatant; [x]
.
=============== Created Last 30 ================
.
2011-04-23 19:25:09 -------- d-----w- c:\program files\CCleaner
2011-04-14 02:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll
2003-04-11 14:11:34 520192 -csha-w- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe
.
============= FINISH: 19:43:43.57 ===============

DO YOU REQUIRE THE LOG NAMED ATTACH?

Also I am unable to produce a GMER log, as when I open the file the computer immediately restarts, as if I have pressed the restart button on the front of the computer unit.

Many thanks

#4 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:08:47 AM

Posted 03 May 2011 - 09:50 PM

Hi paulegt
Welcome to Bleeping Computer.
I'm maranatha and I will be handling your log to help you get cleaned up.

Please do the following in the order given.

Download ComboFix from Here to your Desktop.

It's best to disable realtime protection applications as they sometimes interfere with the tool.
Check this link for any applicable programs you may have.
  • Close all open programs and windows.
  • Double click combofix.exe and follow the prompts.
  • Vista users: right click Combofix.exe and select Run As Administrator.
  • When finished, it shall produce a log for you. Post the Combofix log.
Note: Do not mouse click combofix's window while it's running. That may cause it to stall.

If you are prompted to install the Recovery Console, please do so.


Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Please post the Combofix log and the aswMBR log

Thanks
maranatha

Windows7 Professional 64 Bit

I'm going in the wrong direction to be in a hurry!

My help is always free, But I do accept donations.
Donate Here


#5 paulegt

Posted 04 May 2011 - 11:33 AM

Hello and thank you for taking on my case.

I followed your instructions after printing them off.

Combofix ran and solved 1 Windows/system file infection, then once completed restarted the computer, and NO LOG was produced, or if it was I do not know its location.

However, here is the other log you need.

I await your advice on the Combofix log.

Many Thanks
Paul



aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-04 17:27:27
-----------------------------
17:27:27.234 OS Version: Windows 5.1.2600 Service Pack 3
17:27:27.234 Number of processors: 1 586 0x209
17:27:27.234 ComputerName: HOME UserName:
17:27:27.906 Initialize success
17:27:30.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:27:30.140 Disk 0 Vendor: ST340016A 3.19 Size: 38166MB BusType: 3
17:27:30.140 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
17:27:30.140 Disk 1 Vendor: FUJITSU_MPE3084AE EE-C0-23 Size: 8063MB BusType: 3
17:27:32.156 Disk 0 MBR read successfully
17:27:32.156 Disk 0 MBR scan
17:27:32.156 Disk 0 Windows XP default MBR code
17:27:34.156 Disk 0 scanning sectors +78140160
17:27:34.171 Disk 0 scanning C:\WINDOWS\system32\drivers
17:27:44.843 Service scanning
17:27:45.937 Disk 0 trace - called modules:
17:27:45.953 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:27:45.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a59cab8]
17:27:45.953 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8a5b7480]
17:27:45.953 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a5b6030]
17:27:45.953 Scan finished successfully
17:28:03.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HomeXP\Desktop\Virus Solving\MBR.dat"
17:28:03.046 The log file has been saved successfully to "C:\Documents and Settings\HomeXP\Desktop\Virus Solving\aswMBR.txt"

#6 maranatha

Posted 04 May 2011 - 10:23 PM

Hi
The Combofix log should be able to be found here...

C:\Combofix.txt

Please open the Combofix text file and copy and paste the log here.

Thanks
maranatha


#7 paulegt

Posted 05 May 2011 - 06:26 PM

OK, I looked there and did a file search, but no log; I also ran the program again and the same as before happened.

It opens up fine and runs fine, but at the end the computer restarts instantly and the program never re-opens or produces a log.

Any ideas on why that might be happening?

Is a HJT log any use instead?

Thanks
Paul

#8 maranatha

Posted 05 May 2011 - 07:58 PM

Hi Paul
Not sure why it would do that unless it's some malware not wanting it to finish.

Let's get a scan with this and see what we can see.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box copy and paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy the contents of the OTL log, and post them back here.

Thanks
maranatha

Edited by maranatha, 05 May 2011 - 08:00 PM.



#9 paulegt

Posted 06 May 2011 - 02:45 AM

Morning, just completed those scans for you.

Here they are, I have posted both.

OTL logfile created on: 06/05/2011 07:34:12 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HomeXP\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0G:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 8.05 Gb Free Space | 21.60% Space Free | Partition Type: NTFS
Drive E: | 320.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 2.00 Gb Total Space | 0.37 Gb Free Space | 18.67% Space Free | Partition Type: FAT
Drive G: | 2.00 Gb Total Space | 0.38 Gb Free Space | 19.00% Space Free | Partition Type: FAT
Drive H: | 2.00 Gb Total Space | 0.68 Gb Free Space | 33.84% Space Free | Partition Type: FAT32
Drive I: | 1.84 Gb Total Space | 0.42 Gb Free Space | 22.89% Space Free | Partition Type: FAT

Computer Name: HOME | User Name: HomeXP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/06 07:31:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HomeXP\Desktop\OTL.exe
PRC - [2011/04/22 09:13:18 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/02/23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/10/01 17:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/15 20:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2011/05/06 07:31:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HomeXP\Desktop\OTL.exe
MOD - [2011/02/23 16:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/10/15 19:32:10 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\SSSensor.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Viewpoint Manager Service)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/18 17:05:38 | 001,181,328 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/02/23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/01 17:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004/10/15 20:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/05/19 16:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 15:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 15:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/27 07:39:31 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/25 17:42:11 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/25 17:42:10 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/23 13:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/30 11:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/04/26 23:45:49 | 000,024,616 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/04/26 23:45:49 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/04/13 19:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/10/30 14:46:02 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2006/10/10 08:54:34 | 000,138,240 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006/10/10 08:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006/10/10 08:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006/10/10 08:54:32 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2006/04/28 16:24:42 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/03/24 17:53:07 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2005/05/24 16:32:01 | 000,030,371 | ---- | M] (GlobespanVirata Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\glauiad.sys -- (iadusb)
DRV - [2005/03/04 18:15:54 | 000,077,072 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600obex.sys -- (k600obex)
DRV - [2005/03/04 18:13:46 | 000,079,248 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600mgmt.sys -- (k600mgmt)
DRV - [2005/03/04 18:11:26 | 000,087,456 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600mdm.sys -- (k600mdm)
DRV - [2005/03/04 18:11:20 | 000,006,096 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600mdfl.sys -- (k600mdfl)
DRV - [2005/03/04 18:08:50 | 000,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600bus.sys -- (k600bus) Sony Ericsson 600i driver (WDM)
DRV - [2004/10/15 19:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)
DRV - [2004/10/15 19:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)
DRV - [2004/10/15 19:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n)
DRV - [2004/10/15 19:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2004/10/15 19:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004/10/15 19:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2004/08/05 19:05:02 | 000,090,532 | ---- | M] (VM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2004/08/04 06:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/06/03 13:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004/05/18 01:25:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004/03/08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/01/10 10:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2002/06/03 11:18:32 | 000,040,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [1999/09/10 12:06:00 | 000,025,244 | R--- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (Macrogaming)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/07/02 00:31:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{49201FD8-2038-43F8-9B94-D6D3CA9BA68B}: C:\Documents and Settings\HomeXP\Local Settings\Application Data\{49201FD8-2038-43F8-9B94-D6D3CA9BA68B} [2009/11/16 00:49:45 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/11/26 01:26:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetIM For Internet Explorer) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (Macrogaming)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (SweetIM For Internet Explorer) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (Macrogaming)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM For Internet Explorer) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (Macrogaming)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\HomeXP\Start Menu\Programs\Startup\Sygate Personal Firewall (2).lnk = C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HomeXP\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://bq.bp.2020.net/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247478306203 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247478297015 (MUWebControl Class)
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} https://register.btinternet.com/templates/btmailcontrol013.cab (mailhelper Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://www.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} http://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab (ZoneIntro Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab (Reg Error: Key error.)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab (CBreakshotControl Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://www.sc-server1.bt.com/broadband/MotivePreQual.cab (PreQualifier Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab (FlashXControl Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab (Solitaire Showdown Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\HomeXP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HomeXP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/28 13:32:51 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/09/20 03:41:46 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 07:31:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HomeXP\Desktop\OTL.exe
[2011/05/05 23:58:38 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/05/04 22:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HomeXP\My Documents\32
[2011/05/04 16:05:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/04 16:05:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/04 16:05:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/04 16:05:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/04 16:04:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/25 23:04:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HomeXP\Recent
[2011/04/25 09:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HomeXP\Desktop\Virus Solving
[2011/04/23 20:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/04/23 20:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/06 07:31:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HomeXP\Desktop\OTL.exe
[2011/05/06 07:29:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/06 07:29:38 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/06 07:29:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/06 07:29:19 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/05/06 07:28:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/06 00:20:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/05 11:54:12 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/04 22:38:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/04 18:41:05 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/04 17:05:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/05/04 15:59:23 | 004,337,235 | R--- | M] () -- C:\Documents and Settings\HomeXP\Desktop\ComboFix.exe
[2011/05/03 23:05:54 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/05/03 17:07:20 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/03 17:07:19 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/05/03 17:07:18 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/04/25 09:26:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HomeXP\defogger_reenable
[2011/04/22 09:14:33 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/04 22:29:15 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/05/04 16:05:26 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/04 16:05:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/04 16:05:26 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/04 16:05:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/04 16:05:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/04 15:59:23 | 004,337,235 | R--- | C] () -- C:\Documents and Settings\HomeXP\Desktop\ComboFix.exe
[2011/04/25 09:26:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HomeXP\defogger_reenable
[2011/03/20 21:36:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/03/20 21:36:36 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/03/20 21:36:15 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\HomeXP\Application Data\$_hpcst$.hpc
[2009/11/20 15:35:44 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\zxcvbd.dat
[2009/11/14 12:04:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/18 20:05:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/13 00:03:20 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/02/01 23:17:25 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\kbpxvcd.dll
[2008/12/31 15:47:15 | 000,068,409 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2008/12/31 15:47:15 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2008/12/31 15:34:37 | 000,068,383 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2008/12/31 15:34:36 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2008/07/06 09:36:49 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2008/04/20 10:13:35 | 000,000,020 | ---- | C] () -- C:\WINDOWS\KndKKKg.dat
[2008/04/20 10:13:35 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GndGGGg.dat
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/01 19:24:26 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/10/01 19:24:26 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/10/01 19:24:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/10/01 19:24:25 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/10/01 19:24:25 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/10/01 19:24:25 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/10/01 19:24:25 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/10/01 19:24:25 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/10/01 19:24:25 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/10/01 19:24:25 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/10/01 19:24:25 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/10/01 19:24:25 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/10/01 19:24:25 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/10/01 19:24:25 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/10/01 19:24:25 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/10/01 19:24:25 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/10/01 19:24:25 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/10/01 19:24:25 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/10/01 19:24:25 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/10/01 19:20:56 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE PM280EU.ini
[2007/05/27 22:16:15 | 000,011,643 | ---- | C] () -- C:\Documents and Settings\HomeXP\Application Data\NMM-MetaData.db
[2006/12/13 20:00:33 | 000,000,011 | ---- | C] () -- C:\WINDOWS\wanpatan.ini
[2006/11/27 00:01:46 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\RPVersion.ini
[2006/11/17 16:50:44 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/08/28 13:53:43 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\HomeXP\Application Data\ViewerApp.dat
[2006/08/26 09:37:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/08/26 09:36:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/27 00:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006/05/30 21:26:37 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/01/29 02:40:54 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\F53B1CF899.dll
[2005/12/25 00:58:45 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/10/12 17:11:59 | 000,000,028 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2005/09/27 22:54:33 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2005/09/26 19:10:55 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2005/09/25 22:55:32 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/09/22 23:18:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/09/10 15:29:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\isnooker.INI
[2005/08/07 15:39:10 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\HomeXP\Local Settings\Application Data\fusioncache.dat
[2005/06/30 20:52:28 | 000,000,021 | ---- | C] () -- C:\WINDOWS\THUMBV~1.INI
[2005/06/30 20:52:14 | 000,000,137 | ---- | C] () -- C:\WINDOWS\VWORK32.INI
[2005/06/30 20:25:36 | 000,003,741 | ---- | C] () -- C:\WINDOWS\If42le.ini
[2005/06/30 20:25:36 | 000,000,563 | ---- | C] () -- C:\WINDOWS\pexplore.ini
[2005/06/09 18:33:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2005/05/24 22:41:56 | 000,001,123 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/05/24 22:36:44 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/05/24 16:32:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CoInst.dll
[2005/05/24 16:32:02 | 000,015,136 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2005/05/24 16:29:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/05/03 07:29:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\b2_t_YELL.COM&896.xml
[2005/04/20 13:57:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\b2_t_WWW.THETHATCH.COM&660.xml
[2005/04/10 15:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\b2_t_YELL.COM&903.xml
[2005/04/10 15:15:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\b2_t_YELL.COM&772.xml
[2005/04/03 17:27:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2005/02/09 18:51:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\b2_t_WWW.INTRAVERSE.COM&858.xml
[2004/11/27 17:16:33 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/10/15 19:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2004/09/04 14:43:24 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2004/09/04 14:39:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2004/09/04 14:39:48 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2004/08/28 15:02:54 | 000,022,962 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/08/19 17:57:44 | 000,000,303 | ---- | C] () -- C:\WINDOWS\PICKLIST.INI
[2004/08/19 17:52:39 | 000,000,302 | ---- | C] () -- C:\WINDOWS\MIREPAIR.INI
[2004/08/19 17:52:39 | 000,000,058 | ---- | C] () -- C:\WINDOWS\MITCHELL.INI
[2004/08/19 17:52:29 | 000,005,110 | ---- | C] () -- C:\WINDOWS\ODWIN.INI
[2004/08/19 17:52:29 | 000,000,754 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2004/02/28 14:48:21 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/02/28 13:26:11 | 000,192,000 | ---- | C] () -- C:\Documents and Settings\HomeXP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/02/28 12:52:15 | 000,001,474 | ---- | C] () -- C:\WINDOWS\btclick.ini
[2004/02/28 03:38:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/28 03:19:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/02/28 03:13:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/02/28 02:07:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/02/28 02:06:20 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/10/30 16:23:48 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.DLL
[2002/08/16 01:14:18 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 13:00:00 | 000,381,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 13:00:00 | 000,053,220 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2006/10/05 23:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2009/04/20 21:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/01/22 18:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/05/21 11:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2007/11/10 18:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/08/22 19:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/02/28 02:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kHdPeHn06308
[2007/10/31 19:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/11/04 19:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/11/25 00:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2005/09/29 00:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2007/12/09 17:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009/11/16 01:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/10/01 19:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/04/20 21:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/12/09 20:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/11/14 00:03:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2006/10/05 23:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\Ableton
[2009/04/20 21:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\acccore
[2007/11/02 22:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\Audacity
[2007/05/27 18:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\Datalayer
[2008/04/20 10:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\Diskeeper Corporation
[2008/03/20 18:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\DNA
[2007/10/01 19:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\EPSON
[2006/06/18 22:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\Exo
[2010/03/01 16:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\GARMIN
[2007/08/21 23:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\Grisoft
[2007/03/31 00:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\IMVU
[2006/05/04 13:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\Leadertech
[2009/09/02 01:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\MSA
[2006/06/06 18:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\Nokia
[2007/10/28 18:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\Nokia Multimedia Player
[2007/05/27 18:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\PC Suite
[2011/03/20 21:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\Samsung
[2010/07/28 21:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\Sports Interactive
[2007/11/11 22:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\TomTom
[2009/07/06 00:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HomeXP\Application Data\uTorrent
[2011/05/03 23:05:54 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2011/05/03 17:07:18 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2011/05/03 17:07:19 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2011/05/04 17:05:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2011/05/03 17:07:20 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/05/06 07:29:19 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2004/09/14 21:47:58 | 002,765,656 | ---- | M] (Avery Dennison Corp. ) -- C:\Avery Wizard 2-5 English_UK.exe


< MD5 for: AGP440.SYS >
[2005/09/25 23:02:48 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/11/18 19:32:33 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2005/09/25 23:02:48 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/11/18 19:32:33 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 07:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 07:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/02/28 17:35:18 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2005/09/25 23:02:48 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/11/18 19:32:33 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/02/28 17:35:18 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2005/09/25 23:02:48 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/11/18 19:32:33 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 06:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/02/28 02:05:37 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/02/28 02:05:37 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/02/28 02:05:37 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF

< End of report >

OTL Extras logfile created on: 06/05/2011 07:34:12 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HomeXP\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0G:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 8.05 Gb Free Space | 21.60% Space Free | Partition Type: NTFS
Drive E: | 320.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 2.00 Gb Total Space | 0.37 Gb Free Space | 18.67% Space Free | Partition Type: FAT
Drive G: | 2.00 Gb Total Space | 0.38 Gb Free Space | 19.00% Space Free | Partition Type: FAT
Drive H: | 2.00 Gb Total Space | 0.68 Gb Free Space | 33.84% Space Free | Partition Type: FAT32
Drive I: | 1.84 Gb Total Space | 0.42 Gb Free Space | 22.89% Space Free | Partition Type: FAT

Computer Name: HOME | User Name: HomeXP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008 -- (Sports Interactive)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02091327-B124-4216-9D71-58C0E24F5392}" = Nokia PC Suite
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2F92229B-8CE2-4482-8047-9DBF49CA5F58}" = Camera RAW Plug-In for EPSON Creativity Suite
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32D5CBD0-E3A5-11D7-B6FB-00055D7C3943}" = USB Device Driver v1.25r004
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3686E7AE-19F9-470B-8D8C-02AE68A7B11B}" = Sony Ericsson PC Suite
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3BFFC6B8-4EC0-4240-858C-998FD4077983}" = Nokia Connectivity Cable Driver
"{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}" = Vimicro USB PC Camera 301x
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49C08D37-71A2-442B-B439-662F276498E3}" = 2600
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4D6183C0-005C-4B1F-8261-4B0F71F1C4A5}" = Nokia Multimedia Player
"{4E64E769-E3AA-11D7-B6FB-00055D7C3943}" = USB Product Driver v2.33r005
"{5406144D-4A08-49B9-A8B8-2CFEEF741D80}" = MVCpromo
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6F146A80-8B4D-4248-B9F3-A182D988231C}" = 2600Trb
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110310727}" = Hardwood Solitaire Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111142333}" = Fish Tycoon
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}" = iTunes
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{956673F5-0C6B-4428-A5D1-277AF533E098}" = EPSON PRINT Image Framer Tool
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A759C116-F7BD-4998-84CC-C35FEE3CDDB2}" = Avery Wizard
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A987FEC8-5616-49BD-BCA6-ACFFFE7403FE}" = IKEA Home Planner
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.4 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B8890B12-4E4C-4E53-9ECB-96193BBA7767}" = EPSON Easy Photo Print
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C43A00F2-F6E7-4552-8CFC-62522239E3A4}" = 2600_Help
"{C797EAF2-707A-4239-BDF3-F2672314A734}" = First Step Guide
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{C9476F59-74AB-4E4B-A336-3A7D0FECB615}" = Macrogaming SweetIM 1.2a
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1362843-0E0E-4F74-8662-724CF101ADCE}" = Skype web features
"{F13D54AA-EE45-4394-8510-C612A56FD9BC}" = Creative Zen Touch
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"{F86FFD86-1966-4C6C-99D9-44A6E7AB97E3}" = SweetIM For Internet Explorer 1.0a
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"a-squared Free_is1" = a-squared Free 4.5
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.3 (Unicode)
"avast" = avast! Free Antivirus
"AVI Movie Player" = AVI Movie Player
"BT Home Hub" = BT Home Hub
"BT Softphone 1.5_is1" = BT Softphone 1.5.3.6
"BT Voyager 205 ADSL Router" = BT Voyager 205 ADSL Router
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"BT Yahoo! Applications" = BT Yahoo! Applications
"btbb.MCCInstall" = BT Broadband Desktop Help
"CCleaner" = CCleaner
"Coupon Printer2.0" = Coupon Printer
"Creative Jukebox Driver" = Creative Jukebox Driver
"EPSON Printer and Utilities" = EPSON Printer Software
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"ffdshow" = ffdshow (remove only)
"Football Manager 2008" = Football Manager 2008
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder Toolbar3.02" = Freecorder Toolbar 3.02 Application
"givemeabreak.scr" = givemeabreak screensaver
"Google Updater" = Google Updater
"GoogleVideoPlayer" = Google Video Player
"Hardwood Solitaire Deluxe" = Hardwood Solitaire Deluxe
"Hitman 2: Silent Assassin" = Hitman 2: Silent Assassin
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"InstallShield_{4D6183C0-005C-4B1F-8261-4B0F71F1C4A5}" = Nokia Multimedia Player
"InstallShield_{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}" = iTunes
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InterActual Player" = InterActual Player
"iSnooker" = iSnooker
"Magic Vines_is1" = Magic Vines
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = MSN Toolbar
"MuVo Driver" = MuVo Driver
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PM240_280 User's Guide" = PM240_280 User's Guide
"Presto! Image Folio 4.2" = Presto! Image Folio 4.2
"Presto! Mr.Photo 3" = Presto! Mr.Photo 3
"S4Uninst" = The Settlers IV
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Tranquil - Waterfalls" = Tranquil - Waterfalls Screen Saver
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"IMVU Avatar chat client software BETA" = IMVU Avatar chat software (BETA)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/10/2010 13:15:04 | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 24/10/2010 13:15:04 | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 30/12/2010 19:05:45 | Computer Name = HOME | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 25/01/2011 11:55:03 | Computer Name = HOME | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Mail -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2762. The arguments are: , ,

Error - 25/01/2011 11:55:07 | Computer Name = HOME | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 25/01/2011 11:55:07 | Computer Name = HOME | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 27/02/2011 18:53:05 | Computer Name = HOME | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 20/03/2011 16:37:35 | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 20/03/2011 16:37:35 | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 20/03/2011 16:37:50 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 29/04/2011 03:44:33 | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 29/04/2011 03:44:48 | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 29/04/2011 03:45:02 | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 03/05/2011 13:03:32 | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 03/05/2011 18:03:18 | Computer Name = HOME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
PAUL-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{195CEF7A-3EEA-4CD4-9. The master browser is stopping or an election
is being forced.

Error - 04/05/2011 11:21:44 | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = The Sygate Personal Firewall service terminated unexpectedly. It
has done this 1 time(s).

Error - 04/05/2011 13:19:50 | Computer Name = HOME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
PAUL-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{195CEF7A-3EEA-4CD4-9. The master browser is stopping or an election
is being forced.

Error - 05/05/2011 13:17:28 | Computer Name = HOME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
PAUL-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{195CEF7A-3EEA-4CD4-9. The master browser is stopping or an election
is being forced.

Error - 05/05/2011 18:56:37 | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = The Sygate Personal Firewall service terminated unexpectedly. It
has done this 1 time(s).

Error - 05/05/2011 19:13:39 | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = The Sygate Personal Firewall service terminated unexpectedly. It
has done this 1 time(s).


< End of report >

Hope these help

Many thanks

Paul
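The Security Center and Firewall Settings blocks in the OTL log above are the part of this report a reviewer reads first: both firewall profiles show EnableFirewall = 0 with notifications suppressed, Security Center has both the AV and the firewall monitor overridden, and 139/TCP and 445/TCP are open to any address rather than the local subnet. The script below is an added example, not part of the original thread and not OTL's own code, that parses that block format and flags those settings; SAMPLE_LOG is a constructed, trimmed copy of the log lines, and the names parse_otl_registry and audit_firewall_settings are the example's own. One caveat a practitioner would add: EnableFirewall = 0 is expected on this particular machine because Sygate Personal Firewall is installed (it appears in the uninstall list and in the running processes), so each finding is a prompt to verify, not evidence of infection on its own.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: a trimmed copy of the "Security Center Settings"
# and "Firewall Settings" blocks from the OTL log posted above.
SAMPLE_LOG = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"""

SECURITY_CENTER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
FIREWALL_POLICY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
                   r"\SharedAccess\Parameters\FirewallPolicy")

KEY_RE = re.compile(r'^\[(.+)\]$')                 # [HKEY_...\Subkey]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "Name" = value


def parse_otl_registry(text: str) -> Dict[str, Dict[str, str]]:
    """Turn OTL's [key] / "name" = value dump into {key: {name: value}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            keys[current][val.group(1)] = val.group(2).strip()
    return keys


def audit_firewall_settings(text: str) -> List[str]:
    """Return one line per setting a reviewer would want to look at."""
    reg = parse_otl_registry(text)
    findings: List[str] = []

    # Override = 1 means Security Center was told to stop monitoring that
    # component (the "I have a program that I'll monitor myself" choice),
    # so its status icon no longer reflects the real AV or firewall state.
    sc = reg.get(SECURITY_CENTER, {})
    for component in ("AntiVirus", "Firewall"):
        if sc.get(f"{component}Override") == "1":
            findings.append(
                f"Security Center: {component} monitoring overridden (Override = 1)")

    for profile in ("DomainProfile", "StandardProfile"):
        vals = reg.get(f"{FIREWALL_POLICY}\\{profile}", {})
        if vals.get("EnableFirewall") == "0":
            findings.append(f"{profile}: Windows Firewall disabled (EnableFirewall = 0)")
        if vals.get("DisableNotifications") == "1":
            findings.append(
                f"{profile}: blocked-program prompts suppressed (DisableNotifications = 1)")

        # Port entries look like port:proto:scope:state:description; a scope
        # of "*" with state Enabled is reachable from any address, not just
        # the local subnet.
        ports = reg.get(f"{FIREWALL_POLICY}\\{profile}\\GloballyOpenPorts\\List", {})
        for name, spec in ports.items():
            fields = spec.split(":")
            if len(fields) >= 4 and fields[2] == "*" and fields[3] == "Enabled":
                findings.append(f"{profile}: port {name} open to any address (scope *)")
    return findings


if __name__ == "__main__":
    for finding in audit_firewall_settings(SAMPLE_LOG):
        print(finding)
```

Run as-is it prints eight findings for the constructed sample; pointing it at a saved OTL.txt means reading the file and passing its contents to audit_firewall_settings. The 1900/UDP UPnP entry is deliberately not flagged, because it is scoped to the local subnet and disabled.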

#10 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  • Gender:Male
  • Location:Seattle Washington
  • Local time:08:47 AM

Posted 06 May 2011 - 11:05 PM

Hi Paul

OK please do the following.

  • Please go to Jotti's malware scan
  • Copy and paste each of the following file paths, one at a time, into the "File to scan" box at the top of the page:

    • C:\Documents and Settings\NetworkService\Application Data\zxcvbd.dat
    • C:\WINDOWS\System32\F53B1CF899.dll
    • C:\WINDOWS\System32\CddbCdda.dll
    • C:\WINDOWS\System32\ZPORT4AS.dll
  • Click on the submit file button
  • Please post the results in your next reply.

Now this.

Download a copy of HijackThis installer from here and save it to your Desktop.

  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
    (Let it install to the default location C:\Program Files\Hijackthis)
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon and then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch HijackThis.
  • Click on the Do a system scan and save a log file button.
    (It will scan and the log should open in Notepad.)
  • Click on "Edit" > "Select All" to highlight the entire Notepad contents.
  • Then click on "Edit" > "Copy".
  • Come back here to this thread and Paste the log in your next reply.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!




My help is always free, But I do accept donations.
Donate Here


#11 paulegt

paulegt
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  • Local time:10:47 AM

Posted 07 May 2011 - 04:57 AM

Hi, the online scanner found nothing on all of the 4 files.


Here is the HJT log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:41, on 07/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Sygate Personal Firewall (2).lnk = C:\Program Files\Sygate\SPF\Smc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HomeXP\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.btclick.com/business
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://bq.bp.2020.net/Core/Player/2020PlayerAX_Win32.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247478306203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247478297015
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/templates/btmailcontrol013.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.sc-server1.bt.com/broadband/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/flashax.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1c98ae7ef12ef26) (gupdate1c98ae7ef12ef26) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 13972 bytes



Many Thanks
Paul

#12 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:08:47 AM

Posted 07 May 2011 - 01:47 PM

Hi Paul

Nothing there either.

Let's get an online scan.

Please do this.

Download ATF Cleaner by Atribune and save it to your Desktop.
This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle bin


The rest are optional - if you want it to remove everything check "Select All".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
Close ATF Cleaner

Now the scan

Please Run the ESET Online Scanner and post the ScanLog..
  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Click on the ESET on line scanner button.
  • Check the “YES, I accept the Terms of Use” box and click “Start”.
    If your Pop-up blocker comes up, please allow the Add-On.
  • Be sure the option to Remove found threats is Un-checked and click Start.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!




My help is always free, But I do accept donations.
Donate Here


#13 paulegt

paulegt
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:10:47 AM

Posted 08 May 2011 - 05:14 PM

Hi, hope you have had a nice weekend.

I ran first program and cleaned all files,

ran the scan and it came up with 2 threats which it removed. I have left them in Q!

Here is what it removed

C:\Documents and Settings\HomeXP\Application Data\Sun\Java\Deployment\cache\6.0\39\386956a7-442da659 multiple threats deleted - quarantined
C:\Documents and Settings\HomeXP\Application Data\Sun\Java\Deployment\cache\6.0\42\3cb543ea-14537c45 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined



Now I think about it, when I first ran Combofix it did delete something and I no longer have the warning at the bottom of the screen.
However, because it would not produce a log I stayed alert to the fact there might be something in the background.
You being the expert will have a better idea than me as to whether I am clear now :)


Many Thanks
Paul

#14 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:08:47 AM

Posted 08 May 2011 - 07:48 PM

Hi Paul
I believe you're clean; cleaning and updating Java was in my next steps.

Please do these in the order given.

Click Start > Run  and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

This will uninstall ComboFix and remove the files/folders it created.
This action will also reset the System Restore points, removing any infected files there as well.
Please check and verify that C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file. If they weren't please delete them manually.

Please delete DDS and its log also awsMBR and its log.

  • Please double-click OTL.exe to run it if it wasn't deleted by Combofix.
  • Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been download you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

Now this.

Please do a basic reset of your Router, this can be done by unplugging the power from the router for 30 seconds and then plugging the router back in.


Are you still getting this CiceroUIWndFrame message at shut down?

How to fix it

The CiceroUIWndFrame error is due to a problem in CiceroUIWndFrame, the speech and handwriting recognition part of Office XP. To uninstall it:
1. Go to Control panel ----> add and remove programs

2. Select Microsoft Office XP Professional with FrontPage and click on "change" option

3. Select Office shared features ---> Alternative user input --->Speech and Handwriting Recognition . Deselect both the options


Please do this and let me know if it helps your Windows Update problem.
Please try the steps outlined in the following Microsoft Article: http://support.microsoft.com/kb/971058

Update your Java
Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
    • http://java.sun.com/javase/downloads/index.jsp
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • On the general tab, at the bottom it has "temporary internet files"
  • Click the settings button. Then the Delete files button.
  • There are two options in the window to clear the cache - Leave both Checked

    Applications and Applets
    Trace and Log files
  • Click OK
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
  • Delete older versions from Add/Remove list.


Please go to Start > Control Panel > Add/Remove Programs (Windows Vista it’s Programs and Features) and remove the following:

Eusing Free Registry Cleaner
SUPERAntiSpyware Free Edition
Panda ActiveScan 2.0
(Any Old Java updates)


Let me know how that went and any problems that you still see.

Let's stay away from automatic registry cleaners; they usually cause more harm than good.

Thanks
maranatha

Edited by maranatha, 08 May 2011 - 07:53 PM.



#15 paulegt

paulegt
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:10:47 AM

Posted 13 May 2011 - 10:32 AM

Sorry for the long delay in replying, but I have been very busy.
Computer seems to be working so much better now and no problems to report whatsoever.

Thank you so much for all your time and effort in helping me.
I can't thank you or this site enough.
Keep up the good will and work.

A very grateful

Paul



