Google / Yahoo redirect impossible to remove.


This topic is locked
22 replies to this topic

#1 murciel

  • Members

Posted 18 June 2011 - 11:15 AM

Nothing seems to be working for me.
This is my last hope. I'm posting my HijackThis log.
Please help.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:14:12 PM, on 6/18/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AnVir Task Manager Pro\AnVir.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnVir Task Manager Pro] "C:\Program Files\AnVir Task Manager Pro\AnVir.exe" Minimized
O4 - HKUS\S-1-5-21-1078081533-2000478354-1177238915-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1078081533-2000478354-1177238915-1007\..\Run: [AnVir Task Manager Pro] "C:\Program Files\AnVir Task Manager Pro\AnVir.exe" Minimized (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ast Service - Nalpeiron Ltd. - C:\WINDOWS\system32\\AstSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe

--
End of file - 7366 bytes
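The HijackThis log above is plain text that a responder reads by section code. As an added example (not a BleepingComputer or Trend Micro tool), here is a small Python parser that pulls out the entries a responder checks first for a browser-redirect complaint: the R0/R1 Internet Explorer URL and proxy settings, and O10 Winsock LSP lines that appear more than once. The sample log is constructed from a few of the lines quoted above, and treating the go.microsoft.com/fwlink URLs as the stock IE defaults is an assumption about this XP/IE8 setup.

```python
"""Pull review items out of a HijackThis v2 log for a browser-redirect case.

Added example, not a BleepingComputer or Trend Micro tool. It parses the
section-coded lines, splits the R0-R3 registry entries into path / value
name / data, and lists the items a responder looks at first: IE start and
search URLs that do not point at the stock go.microsoft.com defaults, any
proxy configuration, and Winsock LSP (O10) entries that are listed twice.
"""
import re
from collections import Counter

# Constructed sample in HijackThis format, built from a handful of the lines
# quoted in the post above (not the complete log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

# Every entry line is "<section code> - <body>"; codes are R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# R-section body: "<hive\key path>,<value name> = <data>" (data may be empty).
REG_RE = re.compile(r"^(?P<path>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$")

# Assumption for this XP/IE8 machine: the stock IE start/search URLs are the
# go.microsoft.com/fwlink redirectors, so anything else is worth a look.
IE_DEFAULT_HOST = "go.microsoft.com"
URL_VALUES = {"Start Page", "Search Page", "Default_Page_URL",
              "Default_Search_URL", "SearchAssistant", "CustomizeSearch"}
# Internet Settings values that steer browser traffic: static proxy, bypass list, PAC URL.
PROXY_VALUES = {"ProxyServer", "ProxyOverride", "AutoConfigURL"}


def parse_hjt(text):
    """Return one {'code': ..., 'body': ...} dict per HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def section_counts(entries):
    """How many entries each section code contributed (quick sanity view)."""
    return Counter(e["code"] for e in entries)


def registry_entries(entries):
    """Split the R0-R3 lines into registry path, value name and data."""
    out = []
    for e in entries:
        if e["code"].startswith("R"):
            m = REG_RE.match(e["body"])
            if m:
                out.append({"code": e["code"], **m.groupdict()})
    return out


def review(entries):
    """List the items a responder checks first for a redirect complaint."""
    findings = []
    for r in registry_entries(entries):
        if r["name"] in PROXY_VALUES:
            findings.append(f"{r['code']} proxy setting {r['name']} = {r['data']!r}: "
                            "confirm the user configured this deliberately")
        elif r["name"] in URL_VALUES and r["data"] and IE_DEFAULT_HOST not in r["data"]:
            findings.append(f"{r['code']} {r['name']} points at a non-default URL: {r['data']}")
    # The same LSP DLL can legitimately be registered for more than one protocol,
    # so a repeated O10 line is flagged only so it can be matched to installed
    # software (here VMware Workstation), not treated as malicious by itself.
    lsp = Counter(e["body"] for e in entries if e["code"] == "O10")
    for body, n in lsp.items():
        if n > 1:
            findings.append(f"O10 LSP entry listed {n} times: {body}")
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", dict(section_counts(parsed)))
    for item in review(parsed):
        print("-", item)
```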



#2 CatByte

  • Malware Response Team

Posted 22 June 2011 - 10:00 PM

Please post the ComboFix Log(s)

as well run the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 murciel

  • Topic Starter

Posted 24 June 2011 - 10:01 AM

Hi CatByte,
Thank you in advance, but my problem with scanners like ComboFix and the two you suggested is that all of them enter a loop and apparently the system hangs.
When I go to Task Manager, I can see the CPU at 50% load and the application running, but it never comes out of that status.
However, DDS.com managed to generate a log that appeared on my desktop after hard booting the PC, and I can't post it because it is too long according to the forum limitation. So I uploaded it to: http://www.baires.biz/FTP/regrunlog.txt
I hope you can figure it out.
Regards, M

#4 CatByte

  • Malware Response Team

Posted 24 June 2011 - 10:46 AM

Are you able to access safe mode? (Tap F8 on reboot until an option menu appears > arrow up to Safe Mode with Networking.)


Run the following scan in safe mode if it will not run in normal mode:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



#5 murciel

  • Topic Starter

Posted 26 June 2011 - 03:42 PM

Ok, I ran the PC in safe mode, then downloaded TDSSKiller.zip, unzipped it and executed it.
Below you can see the results.

2011/06/26 17:27:48.0250 1604 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/26 17:27:48.0906 1604 ================================================================================
2011/06/26 17:27:48.0906 1604 SystemInfo:
2011/06/26 17:27:48.0906 1604
2011/06/26 17:27:48.0906 1604 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/26 17:27:48.0906 1604 Product type: Workstation
2011/06/26 17:27:48.0906 1604 ComputerName: STORMDOOR
2011/06/26 17:27:48.0906 1604 UserName: Robert
2011/06/26 17:27:48.0906 1604 Windows directory: C:\WINDOWS
2011/06/26 17:27:48.0906 1604 System windows directory: C:\WINDOWS
2011/06/26 17:27:48.0906 1604 Processor architecture: Intel x86
2011/06/26 17:27:48.0906 1604 Number of processors: 2
2011/06/26 17:27:48.0906 1604 Page size: 0x1000
2011/06/26 17:27:48.0906 1604 Boot type: Safe boot with network
2011/06/26 17:27:48.0906 1604 ================================================================================
2011/06/26 17:27:50.0140 1604 Initialize success
2011/06/26 17:27:59.0328 1740 ================================================================================
2011/06/26 17:27:59.0328 1740 Scan started
2011/06/26 17:27:59.0328 1740 Mode: Manual;
2011/06/26 17:27:59.0328 1740 ================================================================================
2011/06/26 17:28:10.0593 1740 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/26 17:28:10.0687 1740 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/06/26 17:28:10.0734 1740 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
2011/06/26 17:28:10.0765 1740 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR3
2011/06/26 17:28:10.0781 1740 ================================================================================
2011/06/26 17:28:10.0781 1740 Scan finished
2011/06/26 17:28:10.0781 1740 ================================================================================
2011/06/26 17:28:10.0812 1732 Detected object count: 0
2011/06/26 17:28:10.0812 1732 Actual detected object count: 0

#6 CatByte

  • Malware Response Team

Posted 26 June 2011 - 03:59 PM

OK,

Please give ComboFix a try in safe mode now.

Make sure you disable all your security programs and close all open windows.

Download a fresh copy of ComboFix from the link below:

Link 1

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 murciel (Topic Starter)

Posted 26 June 2011 - 05:43 PM

I did try ComboFix in safe mode, but the program apparently freezes when it starts scanning for infected files.
In the Task Manager it shows as running with 50% CPU usage.
I saw it working on other machines, but on this one it never shows the first scanning #.

The only way out of that status is a hard boot.

#8 CatByte (Malware Response Team, Canada)

Posted 26 June 2011 - 06:07 PM

Please run the following:

  • Download OTL and save it to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    Note: these logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.


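Once OTL.Txt is posted, the lines worth reading first for a search-redirect complaint are the O1 hosts entries, the O17 DNS servers, the IE ProxyServer values, the O34 BootExecute list, any autorun.inf on a fixed drive (O32) and the .exe/.com shell handlers (O35/O37). The script below is an added example, not part of this thread, of OTL or of the BleepingComputer procedure: it parses those line types in the format OTL emits and reports the ones that deserve a second look. The embedded log is constructed for the example; the hijacked comfile handler and the autorun.inf file on H: are illustrative placeholders, not findings from the poster's machine.

```python
"""Triage an OTL.Txt log for entries that commonly explain search-engine
redirects. Added example; not OTL's own code and not from the thread."""
import re
from ipaddress import ip_address

# Constructed sample in OTL's line format. The hosts, DNS, proxy, BootExecute
# and G: autorun lines mirror the shapes seen in the thread; the H: autorun
# FILE and the comfile hijack are made up to exercise the checks.
SAMPLE_OTL = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 http://results.google-analytics.com/
IE - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.67.26 213.109.77.22 1.1.1.1
O32 - AutoRun File - [2011/05/08 00:01:09 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/05/08 00:01:09 | 000,000,512 | ---- | M] - H:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (on\E) - File not found
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O35 - HKLM\..comfile [open] -- "C:\constructed_example\hijack.exe" "%1" %*
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s*(\S+)\s+(\S+)")
PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(.*)$')
DNS_RE = re.compile(r"(?:Dhcp)?NameServer\s*=\s*(.*)$")
BOOT_RE = re.compile(r"^O34 - HKLM BootExecute:\s*\((.*?)\)\s*-\s*(.*)$")
AUTORUN_RE = re.compile(r"^O32 - AutoRun File - \[(.*?)\]\s*(?:\(\))?\s*-\s*(.*?) --")
HANDLER_RE = re.compile(r"^O3[57] - HKLM\\\.{2,3}(\S+)\s.*?--\s*(.*)$")
DEFAULT_HANDLER = '"%1" %*'   # the stock shell\open\command for exefile/comfile


def triage_otl(text):
    """Return (kind, detail, note) tuples for lines an analyst should check."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HOSTS_RE.match(line):
            ip, name = m.groups()
            if name.lower() != "localhost":          # anything beyond the default mapping
                findings.append(("hosts", f"{ip} {name}",
                                 "hosts override: confirm it is intentional (ad blocking) and not a redirect"))
        elif line.startswith("IE -") and (m := PROXY_RE.search(line)):
            value = m.group(1).strip()
            if value:                                # blank is the expected state
                findings.append(("proxy", value, "proxy set in IE: verify it is expected"))
        elif line.startswith("O17") and (m := DNS_RE.search(line)):
            for server in m.group(1).split():
                try:
                    scope = "private" if ip_address(server).is_private else "public"
                except ValueError:
                    scope = "unparseable"
                findings.append(("dns", server, f"{scope} resolver: confirm it belongs to the ISP or router"))
        elif m := BOOT_RE.match(line):
            entry, target = m.groups()
            if not entry.startswith("autocheck autochk"):   # the only stock BootExecute entry
                findings.append(("bootexecute", entry, f"non-default BootExecute entry -> {target}"))
        elif m := AUTORUN_RE.match(line):
            meta, path = m.groups()
            if path.lower().endswith("autorun.inf"):
                attrs = meta.split(" | ")[2]          # OTL attribute flags, e.g. RHSD
                if "D" in attrs:
                    note = "directory named autorun.inf: commonly a USB-vaccination placeholder, not malware"
                else:
                    note = "autorun.inf FILE on a fixed drive: read its contents"
                findings.append(("autorun", path, note))
        elif m := HANDLER_RE.match(line):
            name, command = m.groups()
            if command != DEFAULT_HANDLER:
                findings.append(("handler", name, f"shell open command changed: {command}"))
    return findings


if __name__ == "__main__":
    for kind, detail, note in triage_otl(SAMPLE_OTL):
        print(f"[{kind:11}] {detail}\n{'':14}{note}")
```

Run it against a real OTL.Txt by replacing SAMPLE_OTL with the file's contents. The DNS check only reports resolver scope; a DHCP-assigned public resolver is normal, so the analyst still has to confirm the addresses against the ISP or the router before treating them as evidence of a DNS-changer.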


#9 murciel (Topic Starter)

Posted 27 June 2011 - 11:12 AM

OTL logfile created on: 6/27/2011 12:59:19 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.93 Gb Available Physical Memory | 83.69% Memory free
3.34 Gb Paging File | 3.03 Gb Available in Paging File | 90.73% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 457.03 Gb Total Space | 254.21 Gb Free Space | 55.62% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 118.00 Gb Free Space | 50.67% Space Free | Partition Type: NTFS
Drive H: | 232.88 Gb Total Space | 56.28 Gb Free Space | 24.17% Space Free | Partition Type: NTFS
Drive M: | 8.73 Gb Total Space | 5.05 Gb Free Space | 57.84% Space Free | Partition Type: NTFS
Drive R: | 48.83 Gb Total Space | 34.39 Gb Free Space | 70.43% Space Free | Partition Type: NTFS
Drive S: | 439.45 Gb Total Space | 141.14 Gb Free Space | 32.12% Space Free | Partition Type: NTFS
Drive T: | 443.22 Gb Total Space | 242.11 Gb Free Space | 54.63% Space Free | Partition Type: NTFS

Computer Name: STORMDOOR | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/27 10:11:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
PRC - [2011/05/10 09:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 09:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/27 10:11:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
MOD - [2010/08/23 13:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 06:42:00 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
MOD - [2008/04/14 06:41:50 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\AcGenral.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/10 09:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/10 09:10:56 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2010/10/09 16:00:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/29 15:43:22 | 000,582,424 | ---- | M] (ParetoLogic Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe -- (XoftSpyService)
SRV - [2009/08/15 00:19:44 | 000,326,192 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/08/15 00:19:30 | 000,399,920 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/08/15 00:19:24 | 000,113,200 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2008/12/01 15:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/01/07 12:04:10 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\\AstSrv.exe -- (Ast Service)


========== Driver Services (SafeList) ==========

DRV - [2011/06/19 17:58:30 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2011/06/19 16:57:41 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2011/05/10 09:04:46 | 000,102,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011/05/10 09:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 09:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 09:03:31 | 000,192,984 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2011/05/10 09:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 09:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 08:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 08:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 08:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/02/23 10:34:54 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2010/12/30 14:54:06 | 000,034,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
DRV - [2010/09/09 19:13:02 | 000,234,728 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/07/15 09:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 09:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/14 12:17:04 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2009/11/09 00:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/08/15 00:20:36 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/08/15 00:20:34 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2009/08/15 00:20:34 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/08/15 00:20:32 | 000,857,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/08/15 00:20:32 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/08/15 00:19:08 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2009/08/14 17:40:04 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmusb.sys -- (vmusb)
DRV - [2009/08/14 17:40:04 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/05/22 12:37:50 | 005,082,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/12/01 15:47:08 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008/08/05 09:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/12/17 06:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/01/04 04:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/11/21 02:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2004/08/14 06:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [Binary data over 100 bytes]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
IE - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ar.msn.com/?rd=1
IE - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - HKLM\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/07 16:46:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/20 00:00:28 | 000,000,000 | ---D | M]

[2011/05/20 00:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Extensions
[2011/06/22 17:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\05gjcr1z.default\extensions
[2011/06/14 17:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/14 17:56:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ROBERT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\05GJCR1Z.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/06/07 16:46:50 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/06/14 17:56:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/17 20:49:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 13:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/06/14 17:56:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
[2010/01/01 05:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/21 08:58:15 | 000,000,841 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 http://results.google-analytics.com/
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\..\Toolbar\WebBrowser: (no name) - {A1C18A7B-55E9-4DA3-A880-D112C791A9D8} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007..\Run: [AnVir Task Manager Pro] C:\Program Files\AnVir Task Manager Pro\AnVir.exe (AnVir Software)
O4 - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 359
O7 - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.67.26 213.109.77.22 1.1.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/15 06:42:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/08 00:01:09 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/05/08 00:01:09 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/05/08 00:01:09 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/05/08 00:01:09 | 000,000,000 | R--D | M] - M:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/05/08 00:01:10 | 000,000,000 | RHSD | M] - R:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/05/08 00:01:10 | 000,000,000 | RHSD | M] - S:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/05/08 00:01:10 | 000,000,000 | RHSD | M] - T:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/27 10:11:18 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2011/06/26 19:12:49 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/06/26 19:02:28 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/26 19:02:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/26 18:59:46 | 004,126,959 | R--- | C] (Swearware) -- C:\Documents and Settings\Robert\Desktop\ComboFix.exe
[2011/06/24 10:11:31 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Robert\Desktop\aswMBR.exe
[2011/06/23 16:19:39 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Robert\Desktop\dds.scr
[2011/06/23 16:19:20 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Robert\Desktop\dds.com
[2011/06/21 10:13:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\My Documents\Fix
[2011/06/19 17:44:03 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2011/06/19 16:57:41 | 000,039,192 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2011/06/19 16:57:41 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2011/06/19 16:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\My Documents\RegRun2
[2011/06/19 16:57:31 | 000,012,808 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2011/06/19 16:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\UnHackMe
[2011/06/19 16:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\regruninfo
[2011/06/19 16:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2011/06/14 17:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/14 17:56:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/14 17:56:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/14 17:56:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/14 17:56:29 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/14 17:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/06/08 13:39:59 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2011/06/08 13:39:56 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2011/06/07 16:35:38 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/07 16:35:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2011/06/07 16:35:37 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/07 16:35:35 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2011/06/07 16:35:24 | 000,192,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2011/06/07 16:35:23 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/07 16:35:23 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/07 16:35:22 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/07 16:35:22 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/07 16:35:22 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/07 16:35:22 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/07 16:35:04 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/06/07 16:35:04 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2011/06/07 16:35:03 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/07 13:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Start Menu\Programs\Cartilla
[2011/06/06 17:08:28 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Robert\My Documents\My Data Sources
[2011/06/02 01:46:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/06/01 23:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2011/05/30 11:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2011/05/28 20:08:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\debug
[2011/05/28 15:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Garmin
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Robert\My Documents\*.tmp files -> C:\Documents and Settings\Robert\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/27 12:44:20 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/27 12:18:46 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\CorelDRAW 12.lnk
[2011/06/27 12:17:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-2000478354-1177238915-1007UA.job
[2011/06/27 12:08:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/27 10:26:39 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Corel PHOTO-PAINT 12.lnk
[2011/06/27 10:11:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2011/06/27 10:08:39 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Microsoft Word.lnk
[2011/06/27 09:57:02 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/06/27 09:55:18 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/06/27 09:55:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/27 09:54:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/26 19:00:25 | 004,126,959 | R--- | M] (Swearware) -- C:\Documents and Settings\Robert\Desktop\ComboFix.exe
[2011/06/26 18:00:00 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/06/26 17:04:09 | 000,002,284 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/24 14:15:50 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\05-19-2011_140656.job
[2011/06/24 13:50:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\05-19-2011_135055.job
[2011/06/24 10:12:03 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Robert\Desktop\aswMBR.exe
[2011/06/23 22:17:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-2000478354-1177238915-1007Core.job
[2011/06/23 16:19:46 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Robert\Desktop\dds.scr
[2011/06/23 16:19:27 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Robert\Desktop\dds.com
[2011/06/23 15:59:07 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Microsoft Excel.lnk
[2011/06/21 19:32:28 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\spider.sav
[2011/06/21 08:58:15 | 000,000,841 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/19 20:35:57 | 000,000,443 | ---- | M] () -- C:\WINDOWS\capture.ini
[2011/06/19 19:17:34 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Corel CAPTURE 12.lnk
[2011/06/19 17:58:30 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2011/06/19 16:57:41 | 000,039,192 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2011/06/19 16:57:41 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2011/06/19 16:57:34 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/19 16:57:34 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/06/19 16:57:34 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2011/06/19 16:57:31 | 000,000,636 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\UnHackMe.lnk
[2011/06/18 14:25:51 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Ford Technical Service Publications.lnk
[2011/06/18 11:38:45 | 000,349,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/18 11:38:45 | 000,055,908 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/17 10:10:11 | 000,001,331 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Service Information.lnk
[2011/06/16 14:20:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/14 23:18:13 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Google Chrome.lnk
[2011/06/14 23:18:13 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/14 18:21:34 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/14 17:56:18 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/14 17:56:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/14 17:56:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/14 17:56:18 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/14 17:56:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/06/09 02:29:29 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2011/06/08 10:49:43 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Microsoft FrontPage.lnk
[2011/06/07 16:35:38 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2011/06/07 15:49:25 | 000,221,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/01 12:22:02 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/01 01:43:01 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2011/05/31 02:30:27 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2011/05/31 00:16:19 | 000,044,037 | ---- | M] () -- C:\WINDOWS\FontData.fdb
[2011/05/30 19:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/29 15:00:44 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Robert\My Documents\*.tmp files -> C:\Documents and Settings\Robert\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/21 19:30:49 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\spider.sav
[2011/06/19 16:57:34 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2011/06/19 16:57:31 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\UnHackMe.lnk
[2011/06/07 16:35:38 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2011/06/01 23:32:57 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Robert\Start Menu\Programs\Windows Install Clean Up.lnk
[2011/05/30 11:58:01 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2011/05/30 11:57:59 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/05/29 14:58:36 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/29 14:58:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/25 00:08:37 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\Ad Annihilator.aap
[2011/05/23 17:36:05 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\Shortcut to DisplayCplExt.dll.lnk
[2011/05/23 16:42:29 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/23 16:42:29 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/23 16:42:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/23 16:42:22 | 001,597,690 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/05/19 17:50:18 | 000,034,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys
[2011/05/17 21:37:22 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/03 11:20:26 | 000,039,320 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\SMRResults162.dat
[2011/05/02 17:12:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/02 17:12:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/02 17:12:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/02 17:12:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/02 17:12:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/30 13:23:43 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\housecall.guid.cache
[2011/03/24 00:56:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/14 13:16:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011/03/14 13:16:36 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/02/16 13:48:23 | 000,000,540 | ---- | C] () -- C:\WINDOWS\crackpdf.INI
[2011/02/16 13:47:02 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AIMPR.INI
[2011/01/04 10:56:50 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/28 09:55:45 | 000,000,122 | ---- | C] () -- C:\WINDOWS\_vmtxp.ini
[2010/10/19 20:14:32 | 000,000,166 | ---- | C] () -- C:\WINDOWS\LuminancesDlg.ini
[2010/10/14 13:55:52 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2010/10/14 13:55:52 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP61N.DLL
[2010/10/14 13:55:52 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng61n.dll
[2010/10/14 13:55:52 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL61N.DLL
[2010/10/14 13:55:52 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK32.DLL
[2010/10/14 13:55:52 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2010/10/14 13:55:52 | 000,003,360 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK16.DLL
[2010/10/06 14:40:46 | 000,767,464 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/01 17:31:30 | 001,208,320 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2010/09/01 17:31:30 | 000,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2010/09/01 17:31:30 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2010/09/01 17:12:55 | 000,000,284 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2010/08/24 17:09:43 | 000,000,067 | ---- | C] () -- C:\WINDOWS\GeoMulti.ini
[2010/08/24 17:09:43 | 000,000,022 | ---- | C] () -- C:\WINDOWS\geobcast.ini
[2010/08/24 17:09:43 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GEO_CS.ini
[2010/08/24 17:09:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Upload.ini
[2010/08/24 17:09:42 | 000,000,357 | ---- | C] () -- C:\WINDOWS\GeoRuntime.ini
[2010/08/24 17:09:42 | 000,000,123 | ---- | C] () -- C:\WINDOWS\GeoDebug61.ini
[2010/08/24 17:09:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\geohealth.ini
[2010/08/24 17:09:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\GeoMpeg4.ini
[2010/08/24 17:09:42 | 000,000,017 | ---- | C] () -- C:\WINDOWS\GeoPal.ini
[2010/08/24 17:09:25 | 000,000,150 | ---- | C] () -- C:\WINDOWS\geoModem.ini
[2010/08/24 17:08:07 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GeoDxDraw.ini
[2010/08/24 17:06:03 | 000,000,128 | ---- | C] () -- C:\WINDOWS\GeoImageProcess.ini
[2010/08/24 09:54:06 | 001,774,720 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/08/24 09:54:06 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/08/24 09:54:06 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/08/24 09:54:06 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/08/24 09:54:06 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/08/24 02:05:24 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy DVD Creator.INI
[2010/08/12 18:02:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/08/12 18:02:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/08/11 17:54:33 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\VNCPM.DLL.del
[2010/08/11 01:54:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2010/07/26 01:24:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\PROGMAN.INI
[2010/07/20 23:14:06 | 000,001,998 | ---- | C] () -- C:\WINDOWS\tcadwin2.ini
[2010/07/17 00:30:46 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/10 05:27:24 | 000,000,196 | ---- | C] () -- C:\WINDOWS\MaterialsDlg.ini
[2010/07/10 05:27:24 | 000,000,155 | ---- | C] () -- C:\WINDOWS\EnvironmentsDlg.ini
[2010/07/05 17:30:57 | 000,257,536 | ---- | C] () -- C:\WINDOWS\BiImg.dll
[2010/07/05 17:30:57 | 000,110,592 | ---- | C] () -- C:\WINDOWS\JPEG32.DLL
[2010/07/05 17:30:57 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\BiMResNT.dll
[2010/07/05 17:30:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\BiMAppNT.exe
[2010/07/05 09:34:10 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\regcodec.exe
[2010/07/02 10:13:00 | 000,000,272 | ---- | C] () -- C:\WINDOWS\{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}_WiseFW.ini
[2010/06/18 07:48:32 | 000,000,443 | ---- | C] () -- C:\WINDOWS\capture.ini
[2010/06/16 15:46:13 | 000,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll
[2010/06/16 13:48:40 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/16 10:53:47 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/06/16 09:10:35 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/06/16 09:10:35 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/06/16 09:10:32 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/06/16 09:10:32 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/06/16 09:06:22 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/06/16 09:03:54 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/06/16 09:03:45 | 000,018,191 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/16 09:03:43 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/06/15 13:33:03 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/06/15 06:44:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/15 06:39:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/14 21:34:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/13 17:50:52 | 000,221,632 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 04:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 04:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 04:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 04:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 04:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 04:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 04:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 04:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 04:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 04:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/11/05 09:42:45 | 000,062,400 | ---- | C] () -- C:\WINDOWS\System32\IFC.dll
[2008/11/05 09:41:56 | 000,422,848 | ---- | C] () -- C:\WINDOWS\System32\PPL.dll
[2008/08/05 18:37:40 | 000,460,199 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008/04/27 21:28:44 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe
[2008/04/14 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/07/20 10:25:18 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\msblcd32.dll
[2007/06/24 18:01:25 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2006/12/31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/09 18:29:56 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2006/02/09 18:29:54 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2004/08/04 09:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 09:00:00 | 000,349,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 09:00:00 | 000,055,908 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 09:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/22 07:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/01/02 12:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simple Adblock
[2010/06/15 03:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/05 13:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/06/07 16:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/10/21 22:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DTLink Software
[2010/06/16 11:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/05/17 21:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/11/09 11:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IMSIDesign
[2011/03/14 14:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011/06/06 17:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyPoiWorld
[2011/05/20 15:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/05/04 00:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeReturner
[2010/07/24 02:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/05/27 00:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/24 00:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
[2010/06/16 10:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ViceVersa PRO 2
[2010/07/19 10:00:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8A7B2B88-D05A-44E4-95DD-EFA289D31BF9}
[2011/05/25 00:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Ad Annihilator.files
[2010/11/26 12:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\AMPSoft
[2011/05/20 15:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DriverCure
[2010/11/10 18:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DTLink Software
[2010/11/23 19:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ElevatedDiagnostics
[2011/01/21 09:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FreeSoft
[2010/11/12 10:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GARMIN
[2011/01/15 01:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GeoVid
[2010/11/18 12:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Hide IP NG
[2010/11/11 08:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IMSIDesign
[2011/05/20 15:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ParetoLogic
[2011/01/03 12:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Safer Networking
[2010/11/29 13:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\SanDisk
[2010/12/28 16:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Simple Adblock
[2010/12/08 17:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Uniblue
[2011/06/24 13:50:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\05-19-2011_135055.job
[2011/06/24 14:15:50 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\05-19-2011_140656.job
[2011/06/26 18:00:00 | 000,000,446 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2011/06/27 09:55:18 | 000,000,468 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2011/06/09 02:29:29 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor Defrag.job
[2011/05/31 02:30:27 | 000,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor.job
[2011/05/16 16:08:46 | 000,032,458 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010/12/08 18:00:53 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpyEraser.job.bak

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BF2F6B5
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F64C164
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D083E4C6
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99671BE2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD34FE88
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 6/27/2011 12:59:19 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.93 Gb Available Physical Memory | 83.69% Memory free
3.34 Gb Paging File | 3.03 Gb Available in Paging File | 90.73% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 457.03 Gb Total Space | 254.21 Gb Free Space | 55.62% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 118.00 Gb Free Space | 50.67% Space Free | Partition Type: NTFS
Drive H: | 232.88 Gb Total Space | 56.28 Gb Free Space | 24.17% Space Free | Partition Type: NTFS
Drive M: | 8.73 Gb Total Space | 5.05 Gb Free Space | 57.84% Space Free | Partition Type: NTFS
Drive R: | 48.83 Gb Total Space | 34.39 Gb Free Space | 70.43% Space Free | Partition Type: NTFS
Drive S: | 439.45 Gb Total Space | 141.14 Gb Free Space | 32.12% Space Free | Partition Type: NTFS
Drive T: | 443.22 Gb Total Space | 242.11 Gb Free Space | 54.63% Space Free | Partition Type: NTFS

Computer Name: STORMDOOR | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1078081533-2000478354-1177238915-1007\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Ipswitch\WS_FTP Pro\wsftpgui.exe" = C:\Program Files\Ipswitch\WS_FTP Pro\wsftpgui.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Program Files\MyPoi Manager\MyPoiManager.exe" = C:\Program Files\MyPoi Manager\MyPoiManager.exe:*:Enabled:MyPoi Manager -- (MyPoi World)
"C:\Program Files\Net2Phone CommCenter\CommCtr.exe" = C:\Program Files\Net2Phone CommCenter\CommCtr.exe:*:Enabled:Net2Phone CommCenter Client GUI Module -- (Net2Phone Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{0BB641C5-5CDF-44D5-9304-1F994DF77692}" = TurboCAD Symbols
"{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}" = MyPoi Manager
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1" = GPSBabel 1.4.2
"{1EA9F5CC-BD77-48FC-A9AF-E71646F2E55B}" = TurboCAD Deluxe 14
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{3D263D43-FFA4-4B03-9663-6868AABC1AFC}" = RealSpeak Solo para Castellano, Isabel
"{428D4F80-D3C5-45B0-9ED7-483C793DCF65}" = TeamTrade
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4BB05099-1963-4268-A3BB-9153964750ED}" = XoftSpySE
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{5F71F4DD-4985-45E3-8811-5689091E8BB0}" = Eudora
"{61CC67B1-6FE9-433F-93B2-32D2BCC76990}" = TurboCAD Professional 16
"{63C3E43C-D35F-4F6C-85A1-6F3631B0C8CA}" = Mapear V9
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{701BBC57-36E7-4184-9E7A-3B8CFC16B255}_is1" = Mapear V9.30 version 9.30
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BDB9DCF-62FF-4D0A-A634-0910E7F5D668}" = Mapear V8.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{936776B4-1FCA-4f51-ADE3-C553FC2FD240}" = Survey
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96EF451E-A402-44D8-BAEE-D70D558A4122}" = Ultra Hal Text-to-Speech Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0F584A7-B0C2-4D90-9580-15456B9CF63C}" = MapSource - Trip & Waypoint Manager v2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3A6A319-F194-4065-A255-26C03D33A0F8}" = Live Email Verifier Professional
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBACAD2-4DAF-490E-932B-E330B33FCF98}" = Softi FreeOCR
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Pro
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2B06452-8AA5-4938-8D3D-BC5D19352217}" = DesignCAD 3D Max 19
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6987ECB-076F-47A2-874D-99C7FAD6A775}" = Mapa do Brasil
"{BB7C0C8E-CF0B-44C5-B838-9ED93D15DBDF}" = Map of South America
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D181A318-28DF-4B83-8F13-24C2D0BDA12D}" = Garmin POI Loader
"{E374DB02-F12D-4733-B5ED-F8FC86ED23CC}" = GPS TrackMaker
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"33555412-5137-4E9C-A1EC-7F48E48B9F1F_is1" = XLQ
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All Media Fixer_is1" = All Media Fixer 9.11
"AMP Font Viewer" = AMP Font Viewer
"AnVir Task Manager Free" = AnVir Task Manager Free
"AnVir Task Manager Pro" = AnVir Task Manager Pro
"AnyToISO_is1" = AnyToISO
"Aurigma Image Uploader 4.7 Redistributable_is1" = Aurigma Image Uploader 4.7 Redistributable
"avast" = avast! Internet Security
"AVS Update Manager_is1" = AVS Update Manager 1.0 (Update Version)
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"Barrios" = Barrios
"Belarc Advisor" = Belarc Advisor 8.2
"Boilsoft Video Joiner_is1" = Boilsoft Video Joiner 5.32
"Boilsoft Video Splitter_is1" = Boilsoft Video Splitter 5.16
"Cartilla OSDE" = Cartilla OSDE
"CCleaner" = CCleaner (remove only)
"cGPSmapper Free_is1" = cGPSmapper Free 0100d
"Ciclovias" = Ciclovias
"Cookie Monster" = Cookie Monster
"Duplicate Cleaner_is1" = Duplicate Cleaner 1.2
"DVD Ripper Platinum 4" = DVD Ripper Platinum 4
"DVD Shrink_is1" = DVD Shrink 3.2
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.1.1 Home Edition
"Easy Credit Card Checker_is1" = Easy Credit Card Checker 1.2
"Easy DVD Creator_is1" = Easy DVD Creator 2.2.0
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"File Renamer Pro_is1" = File Renamer Pro 2.0
"FLV Player2.0 " = FLV Player
"FreeButtons.org" = FreeButtons.org
"Hide IP NG_is1" = Hide IP NG 1.55
"HTML Compress_is1" = HTML Compress
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{A0F584A7-B0C2-4D90-9580-15456B9CF63C}" = MapSource - Trip & Waypoint Manager v2
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"iPod movie Converter 3" = iPod movie Converter 3
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MapSource" = MapSource
"Microcentro" = Microcentro
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Net2Phone CommCenter" = Net2Phone CommCenter
"NetPal" = Cookie Pal
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OK Registry Cleaner_is1" = OK Registry Cleaner v2.0
"Personal Stock Monitor" = Personal Stock Monitor Gold 9.3.1
"PLOUTAB 2.3 Demo_is1" = PLOUTAB 2.3 Demo
"PowerISO" = PowerISO
"RealHideIP" = Real Hide IP
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"roguescanfix_setup_is1" = roguescanfix 1.5
"SMSFull 2.1" = SMSFull 2.1
"Sound Forge 5.0" = Sound Forge 5.0
"SpeedUpMyPC_is1" = Uniblue SpeedUpMyPC 3
"Spyware Cease 2011_is1" = Spyware Cease v7.1
"ST5UNST #1" = QuickLOAD
"Tweak-XP Pro 4" = Tweak-XP Pro 4
"Ultra Video Splitter_is1" = Ultra Video Splitter 5.1.0713
"UnHackMe_is1" = UnHackMe 5.99 release
"Unlocker" = Unlocker 1.8.9
"ViceVersa Pro 2_is1" = ViceVersa Pro 2 (Build 2011)
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.9
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.2b
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xenu_is1" = Xenu's Link Sleuth
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 1.8
"ZonasPeligrosas" = Zonas Peligrosas

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-2000478354-1177238915-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced IM Password Recovery" = Advanced IM Password Recovery (remove only)
"Google Chrome" = Google Chrome
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/19/2011 11:24:33 PM | Computer Name = STORMDOOR | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/19/2011 11:24:33 PM | Computer Name = STORMDOOR | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 5/23/2011 4:03:29 AM | Computer Name = STORMDOOR | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The directory name is invalid.

Error - 5/23/2011 4:03:31 AM | Computer Name = STORMDOOR | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The directory name is invalid.

Error - 6/1/2011 9:55:37 PM | Computer Name = STORMDOOR | Source = MsiInstaller | ID = 11722
Description =

Error - 6/1/2011 9:59:38 PM | Computer Name = STORMDOOR | Source = MsiInstaller | ID = 11722
Description =

Error - 6/1/2011 10:07:05 PM | Computer Name = STORMDOOR | Source = MsiInstaller | ID = 11722
Description =

Error - 6/1/2011 10:34:29 PM | Computer Name = STORMDOOR | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
MSICUU: Thread ID: 1616 ,Logged: Success: C:\Program Files\Windows Installer Clean
Up\msizap.exe TW! {4A03706F-666A-4037-7777-5F2748764D10}

Error - 6/1/2011 10:34:35 PM | Computer Name = STORMDOOR | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
MSICUU: Thread ID: 1616 ,Logged: Success: C:\Program Files\Windows Installer Clean
Up\msizap.exe TW! {26A24AE4-039D-4CA4-87B4-2F83216020FF}

Error - 6/1/2011 10:34:41 PM | Computer Name = STORMDOOR | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
MSICUU: Thread ID: 1616 ,Logged: Success: C:\Program Files\Windows Installer Clean
Up\msizap.exe TW! {26A24AE4-039D-4CA4-87B4-2F83216025FF}

[ System Events ]
Error - 6/22/2011 9:43:07 PM | Computer Name = STORMDOOR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.11.101 for the Network Card with network
address 002618F0734F has been denied by the DHCP server 192.168.11.100 (The DHCP
Server sent a DHCPNACK message).

Error - 6/23/2011 10:04:38 AM | Computer Name = STORMDOOR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.11.101 for the Network Card with network
address 002618F0734F has been denied by the DHCP server 192.168.11.100 (The DHCP
Server sent a DHCPNACK message).

Error - 6/23/2011 11:03:55 AM | Computer Name = STORMDOOR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.11.101 for the Network Card with network
address 002618F0734F has been denied by the DHCP server 192.168.11.100 (The DHCP
Server sent a DHCPNACK message).

Error - 6/23/2011 2:45:43 PM | Computer Name = STORMDOOR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.11.102 for the Network Card with network
address 002618F0734F has been denied by the DHCP server 192.168.11.100 (The DHCP
Server sent a DHCPNACK message).

Error - 6/26/2011 4:24:53 PM | Computer Name = STORMDOOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/26/2011 4:26:04 PM | Computer Name = STORMDOOR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AsIO aswSnx aswSP aswTdi BANTExt Fips intelppm SCDEmu

Error - 6/26/2011 4:29:28 PM | Computer Name = STORMDOOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/26/2011 4:29:44 PM | Computer Name = STORMDOOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/26/2011 5:58:52 PM | Computer Name = STORMDOOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/26/2011 5:59:52 PM | Computer Name = STORMDOOR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AsIO aswSnx aswSP aswTdi BANTExt Fips intelppm SCDEmu


< End of report >

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:45 AM

Posted 27 June 2011 - 09:50 PM

Hi

Please do the following:


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    DRV - [2010/12/30 14:54:06 | 000,034,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
    O3 - HKU\S-1-5-21-1078081533-2000478354-1177238915-1007\..\Toolbar\WebBrowser: (no name) - {A1C18A7B-55E9-4DA3-A880-D112C791A9D8} - No CLSID value found.
    O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
    O4 - HKLM..\RunOnceEx: [Title] File not found
    [2011/06/24 14:15:50 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\05-19-2011_140656.job
    [2011/06/24 13:50:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\05-19-2011_135055.job
    [2011/05/19 17:50:18 | 000,034,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptyflash]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log



NEXT



Press the WinKey + R to open a run box:

Copy/paste the following text into the open run box > Click OK

ComboFix /nombr

This should start ComboFix > post the resulting log.

Edited by CatByte, 27 June 2011 - 09:58 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 murciel

murciel
  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:45 AM

Posted 28 June 2011 - 08:19 AM

Step 1: done it, I believe successfully.
Now I'll try: ComboFix /nombr
I'll come back soon after. Hopefully.
Thank you


All processes killed
========== OTL ==========
Service RkHit stopped successfully!
Service RkHit deleted successfully!
C:\WINDOWS\system32\drivers\RKHit.sys moved successfully.
Registry value HKEY_USERS\S-1-5-21-1078081533-2000478354-1177238915-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A1C18A7B-55E9-4DA3-A880-D112C791A9D8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1C18A7B-55E9-4DA3-A880-D112C791A9D8}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title deleted successfully.
C:\WINDOWS\tasks\05-19-2011_140656.job moved successfully.
C:\WINDOWS\tasks\05-19-2011_135055.job moved successfully.
File C:\WINDOWS\System32\drivers\RKHit.sys not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Robert\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Robert\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 626 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Robert
->Flash cache emptied: 22719 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 6416745 bytes
->Temporary Internet Files folder emptied: 10794551 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Robert
->Temp folder emptied: 273298423 bytes
->Temporary Internet Files folder emptied: 86601530 bytes
->Java cache emptied: 250749 bytes
->FireFox cache emptied: 40820423 bytes
->Google Chrome cache emptied: 433608285 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1162769 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43008 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 38739 bytes

Total Files Cleaned = 814.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06282011_100507

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12 murciel

murciel
  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:45 AM

Posted 28 June 2011 - 08:58 AM

OK CatByte
So far so good. I'm not sure that the problem is fixed yet.
I cross my fingers.
Before you ask, here is my ComboFix log.


ComboFix 11-06-27.04 - Robert 06/28/2011 10:25:52.4.2 - x86
Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))
.
.
2011-06-28 13:05 . 2011-06-28 13:05 -------- d-----w- C:\_OTL
2011-06-19 20:44 . 2011-06-19 20:58 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2011-06-19 19:57 . 2011-06-19 19:57 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-06-19 19:57 . 2011-06-19 19:57 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2011-06-19 19:57 . 2011-06-19 19:57 2 --shatr- c:\windows\winstart.bat
2011-06-19 19:57 . 2011-05-18 13:53 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2011-06-19 19:57 . 2011-06-26 20:24 -------- d-----w- c:\program files\UnHackMe
2011-06-14 20:56 . 2011-06-14 20:56 -------- d-----w- c:\program files\Common Files\Java
2011-06-14 20:56 . 2011-06-14 20:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-14 20:56 . 2011-06-14 20:56 472808 ----a-w- c:\program files\Mozilla Firefox\Plugins\npdeployJava1.dll
2011-06-14 20:56 . 2011-06-14 20:56 -------- d-----w- c:\program files\Java
2011-06-08 16:39 . 2001-08-17 16:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-06-08 16:39 . 2001-08-17 16:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-06-08 16:39 . 2008-04-14 03:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-06-08 16:39 . 2008-04-14 03:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-06-02 04:46 . 2011-06-05 21:15 -------- d-----w- c:\windows\system32\Adobe
2011-06-02 02:32 . 2011-06-02 02:32 3584 ----a-r- c:\documents and settings\Robert\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-06-02 02:32 . 2011-06-02 02:32 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-05-30 14:57 . 2011-05-30 14:57 -------- d-----w- c:\program files\Belarc
2011-05-30 14:57 . 2008-02-27 16:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-14 21:21 . 2011-05-23 06:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-14 20:56 . 2010-06-20 04:03 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-05-18 00:47 . 2011-05-18 00:37 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-02 15:31 . 2010-06-15 09:39 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2008-04-14 04:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2008-04-14 09:42 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2008-04-14 09:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:11 . 2008-04-14 09:41 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2008-04-14 04:07 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 04:47 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-15 06:14 . 2011-05-23 20:36 804456 ----a-w- c:\windows\system32\DisplayCplExt.dll
2011-04-08 05:14 . 2011-05-23 19:42 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-08 05:14 . 2011-05-23 19:42 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-08 05:14 . 2011-05-23 19:42 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2011-05-23 19:41 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-14 16:26 . 2011-05-20 03:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-10-31 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnVir Task Manager Pro"="c:\program files\AnVir Task Manager Pro\AnVir.exe" [2010-04-02 3288288]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2011-05-18 594200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-6-16 25214]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Ipswitch\\WS_FTP Pro\\wsftpgui.exe"=
"c:\\Program Files\\MyPoi Manager\\MyPoiManager.exe"=
"c:\\Program Files\\Net2Phone CommCenter\\CommCtr.exe"=
.
R0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-06-19 35816]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-05-10 121000]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 136176]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
R3 Ast Service;Ast Service;c:\windows\system32\\AstSrv.exe [2008-01-07 57344]
R3 EOlmarikFix;EOlmarikFix;c:\docume~1\Robert\LOCALS~1\Temp\EOlmalikFixer\EOlmarikFix.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 13192]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 136176]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2011-06-19 24416]
R3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [2010-09-29 582424]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-02-23 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-08-15 54960]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - UnHackMeDrv
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 06:15]
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 06:15]
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-2000478354-1177238915-1007Core.job
- c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-19 05:12]
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-2000478354-1177238915-1007UA.job
- c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-19 05:12]
.
2011-06-27 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
.
2011-06-28 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
.
2011-06-09 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-05-31 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-06-01 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = socks=
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\05gjcr1z.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-WgaLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-28 10:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1080)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-28 10:40:29
ComboFix-quarantined-files.txt 2011-06-28 13:40
.
Pre-Run: 273,475,997,696 bytes free
Post-Run: 273,443,946,496 bytes free
.
- - End Of File - - 24A74C728DD0A9F52CC9ED2FCEA18D3F
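The ComboFix report above lists every registered driver and service in one line per entry, in the form state+start type, name, display name and path, followed by the file's date and size, or `[x]` when the file could not be found on disk; it also prints the `SafeBoot\Minimal\RkHit.sys` key that survived the OTL fix after the RkHit driver itself was deleted. The script below is an added example and is not part of this thread, of ComboFix or of OTL: it parses those lines (sample input copied from the log above) and flags three things a helper reads such a report for, namely entries whose file is missing, drivers that load from a user-writable location such as a Temp folder, and SafeBoot entries with no matching service. The finding labels and the `Service` record are this example's own naming.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix report in this thread
# (the SafeBoot key from "Reg Loading Points" plus five driver/service lines).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""
.
R0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-06-19 35816]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-05-10 121000]
R3 EOlmarikFix;EOlmarikFix;c:\docume~1\Robert\LOCALS~1\Temp\EOlmalikFixer\EOlmarikFix.sys [x]
S1 aswSP;aswSP; [x]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-08-15 54960]
"""

# "R"/"S" = running/stopped, digit = start type, then name;display;path [date size] or [x].
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
SAFEBOOT_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot"
    r"\\(Minimal|Network)\\([^\]]+)\]$", re.I)
# Locations an ordinary user can write to; a kernel driver has no business living there.
USER_PATH_RE = re.compile(
    r"\\(temp|docume~1|documents and settings|users|appdata|local settings)\\", re.I)


@dataclass
class Service:
    state: str    # "R" running or "S" stopped, as ComboFix prints it
    start: int    # start type digit (0 = boot, 1 = system, 2 = auto, 3 = manual)
    name: str
    display: str
    path: str     # empty when ComboFix printed no path
    stamp: str    # "date size" or "x" when the file was not found


def parse_services(text):
    """Return one Service per R*/S* line in a ComboFix report."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            state, start, name, display, path, stamp = m.groups()
            out.append(Service(state, int(start), name.strip(), display.strip(),
                               path.strip(), stamp.strip()))
    return out


def parse_safeboot(text):
    """Return (profile, entry) for each SafeBoot\\Minimal or \\Network key in the report."""
    return [m.groups() for m in (SAFEBOOT_RE.match(l.strip()) for l in text.splitlines()) if m]


def triage(text):
    """Produce a list of 'label: detail' findings for a human to verify."""
    services = parse_services(text)
    known = {s.name.lower() for s in services}
    findings = []
    for s in services:
        # "[x]" only means ComboFix could not stat the file. Leftovers of removed
        # tools look like this, but so do self-protected AV drivers (aswSP here),
        # so this is a lead to check, not a verdict.
        if s.stamp == "x":
            findings.append(f"missing-file: {s.name} is registered but its file was not found "
                            f"({s.path or 'no path recorded'})")
        if USER_PATH_RE.search(s.path):
            findings.append(f"user-path: {s.name} loads from a user-writable location: {s.path}")
    for profile, entry in parse_safeboot(text):
        # SafeBoot lists the service or driver name (optionally with .sys); an entry
        # with no service behind it is residue that keeps the name alive in Safe Mode.
        base = re.sub(r"\.sys$", "", entry, flags=re.I).lower()
        if base not in known:
            findings.append(f"stale-safeboot: SafeBoot\\{profile}\\{entry} has no matching service entry")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample, it reports the Temp-resident EOlmarikFix driver twice (missing file and user-writable path), the `[x]` on aswSP, and the orphaned `SafeBoot\Minimal\RkHit.sys` key; Partizan, vmci and the avast firewall service pass clean. The aswSP hit shows why the missing-file label is a prompt to look, not an automatic removal: avast's self-protection driver hides its file from ComboFix by design.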

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:45 AM

Posted 28 June 2011 - 02:27 PM

Hi

Please do the following:

Press the WinKey + R to open a Run box > copy and paste the following line into the open run box > click OK:


cmd /c reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys" /f


A black window will flash up for a second - this is normal.


NEXT



Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
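The reg delete line above removes one orphaned entry from the SafeBoot\Minimal list, the registry area that controls what loads in Safe Mode. As an added example (not CatByte's or BleepingComputer's own tooling), the following read-only PowerShell audit lists every SafeBoot entry whose driver file or service no longer exists or whose driver is unsigned, which is how an entry like RkHit.sys stands out; it assumes an elevated PowerShell prompt on Windows and deletes nothing.

```powershell
# Added example, not part of the thread: read-only audit of the SafeBoot lists.
# Assumes an elevated PowerShell prompt (PS 2.0 or later) on Windows.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$installed   = (Get-ChildItem $servicesKey).PSChildName
$driverDir   = Join-Path $env:SystemRoot 'System32\drivers'

function Get-SafeBootAudit {
    foreach ($mode in 'Minimal', 'Network') {
        $base = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
        if (-not (Test-Path $base)) { continue }
        foreach ($key in Get-ChildItem $base) {
            $name  = $key.PSChildName
            $class = (Get-ItemProperty -Path $key.PSPath).'(default)'
            # Device-class GUID entries ({...}) are part of every install; skip them.
            if ($name -like '{*}') { continue }
            if ($name -like '*.sys') {
                # Driver-file entries: the file should exist in System32\drivers
                # and carry a valid signature. On older systems (XP) legitimate
                # drivers may report NotSigned, so treat Status as a triage aid.
                $path   = Join-Path $driverDir $name
                $exists = Test-Path $path
                $status = if ($exists) { (Get-AuthenticodeSignature $path).Status.ToString() }
                          else { 'FileMissing' }
            } else {
                # Service entries: a matching subkey under Services should exist.
                $exists = $installed -contains $name
                $status = if ($exists) { 'ServiceFound' } else { 'ServiceMissing' }
            }
            [pscustomobject]@{
                Mode   = $mode
                Entry  = $name
                Type   = $class
                Ok     = ($exists -and (@('Valid', 'ServiceFound') -contains $status))
                Status = $status
            }
        }
    }
}

# Report only the entries that need a human look; an orphaned driver entry
# shows up here as FileMissing.
Get-SafeBootAudit | Where-Object { -not $_.Ok } | Format-Table -AutoSize
```

Run the audit before and after a removal step so the change is documented; compare the "before" list against a known-clean machine of the same Windows version rather than deleting on name alone.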


#14 murciel

murciel
  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:45 AM

Posted 30 June 2011 - 08:25 AM

Hi CatByte,

I'm getting fine with some surprises.

When I run MBAM, the program blocked my service provider IP and failed to update itself. Then I set the IP in the exclusion list, and I also tried reinstalling, rebooting etc., but it didn't solve the problem. I didn't find anything posted in the MBAM forum. However, the scan with a 30-day-old DB came up clean. See log at bottom.

POP-Up message:

An error has occurred. Please report this error code to our support team.
PROGRAM_ERROR_UPDATING(11001,0, Host not found)
No such host is known.



For the ESET, it took 9 hours to finish the scanning of the whole computer, with a variety of viruses found. More than 100 distributed on my 7 HDs. Mostly already deleted but present on the "System restore volume", also false spy erasers and various from stored old downloaded programs.

The browsers IE, Chrome, FF are working better now, other than some unwanted "Google Analytics" pop-ups.

=============================================================================================================

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6586

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/29/2011 1:08:25 PM
mbam-log-2011-06-29 (13-08-25).txt

Scan type: Quick scan
Objects scanned: 159510
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:45 AM

Posted 30 June 2011 - 09:21 AM

Please post the ESET log

then do the following:

Reset your Router:

  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up. HERE
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

NEXT

  • Go to Start > Run > type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns (note the space between "..g /f…", it needs to be there)
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.


NEXT



Download TFC to your desktop
Mirror
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
It's normal after running TFC cleaner that the PC will be slower to boot the first time.



Now try the MalwareBytes update, please let me know if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




