I-play & Myway Search + No Windows Update


  • This topic is locked
17 replies to this topic

#1 datkwikracer

Posted 08 August 2011 - 11:28 PM

I read the Prep Guide but could not run gmer. When I did, I got a blue screen saying something about kernel something. I can run it again if you need the exact message.

I have installed, updated, and run the following:

Avast AV
Malwarebytes
Ad-aware
Spybot S&D
Spywareblaster
CCleaner
Advanced System Care

They fixed quite a bit of problems, but I'm sure there are still some hidden ones.

Like I said in the title, I-play and Myway search are present, and I can't use Windows Update.
When I go to the Windows Update site using IE I get Error number: 0x80070002. I tried using Microsoft's suggested repairs to no avail.

Thanks in advance.

My DDS log:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Run by Maria Tobar at 20:20:35 on 2011-07-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.74 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\rundll32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [20090604] c:\program files\broderbund\mavis beacon deluxe - 25th anniversary edition\regapp\encore_reg.exe /r "c:\program files\broderbund\mavis beacon deluxe - 25th anniversary edition\regapp\encore_reg.rpd"
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231215342503
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1310246345062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D3F545DA-25B4-4930-8841-3F0DF9F485E3} : DhcpNameServer = 209.18.47.61 209.18.47.62
Notify: cbXNEUKa -
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\mupapupe.dll lkithv.dll c:\windows\system32\hinikafo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\awtsPJAq
LSA: Notification Packages = scecli c:\windows\system32\mupapupe.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\maria tobar\application data\mozilla\firefox\profiles\ztidclq8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://results.myway.com/dft_redir.jhtml?id=YD&ptb=978F1210-630D-43DF-92A0-83ADCEDD97FC&ind=2010122813&ptnrS=YD&si=&n=&psa=&st=kwd&searchfor=
FF - plugin: c:\documents and settings\maria tobar\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-6-11 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-8 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-8 309848]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-8 353168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-8 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-8 42184]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-2-3 66048]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-30 54752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-5-25 2151640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 X4HSEx;X4HSEx;c:\program files\free ride games\X4HSEx.sys [2010-12-28 56352]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-5-25 15232]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-2-3 167808]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2009-2-3 13532]
.
=============== Created Last 30 ================
.
2011-07-20 05:59:18 388096 ----a-r- c:\documents and settings\maria tobar\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-20 05:08:27 -------- d-----w- c:\program files\Trend Micro
2011-07-09 20:46:06 46112 ----a-w- c:\windows\system32\dllcache\adptsf50.sys
2011-07-09 20:46:05 6144 ----a-w- c:\windows\system32\dllcache\admxprox.dll
2011-07-09 20:46:04 10880 ----a-w- c:\windows\system32\dllcache\admjoy.sys
2011-07-09 20:46:03 747392 ----a-w- c:\windows\system32\dllcache\adm8830.sys
2011-07-09 20:46:02 584448 ----a-w- c:\windows\system32\dllcache\adm8810.sys
2011-07-09 20:46:02 553984 ----a-w- c:\windows\system32\dllcache\adm8820.sys
2011-07-09 20:46:01 7424 ----a-w- c:\windows\system32\dllcache\adicvls.sys
2011-07-09 20:46:01 20160 ----a-w- c:\windows\system32\dllcache\adm8511.sys
2011-07-09 19:36:16 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2011-07-09 19:36:05 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-07-09 19:35:51 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2011-07-09 19:35:50 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-07-09 19:35:50 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2011-07-09 19:35:49 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-07-09 19:35:49 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2011-07-09 19:35:48 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-07-09 19:23:13 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-09 03:15:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-07-09 09:38:53 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-28 23:43:49 26112 ----a-w- c:\windows\system32\userinit.exe
2011-06-18 10:02:38 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-17 09:43:21 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-11 17:08:49 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-06-11 17:08:49 104 --sh--r- c:\windows\system32\E6BFF45995.sys
2011-05-25 09:00:36 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-28 19:29:08 311296 ----a-w- c:\program files\Uninstall PureDef Music Toolbar.dll
.
============= FINISH: 20:26:15.46 ===============


#2 Noviciate


Posted 09 August 2011 - 02:52 PM

Good evening. ;)

The first thing you need to do is to remove one of your anti-virus programs - the rule is one active resident scanner per machine. Either Lavasoft Ad-Watch Live or avast! Antivirus has to go.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Once you've done the above, do the below and post accordingly:

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

So long, and thanks for all the fish.
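
The "one active resident scanner per machine" rule in the reply above can be checked mechanically from the `AV:` lines of a DDS header. This is an added example, not part of the original thread and not code from DDS or ComboFix; the line format is inferred from the log in post #1, the function names are hypothetical, and the stock Windows XP baseline is an assumption. It goes one step beyond the AV rule and also lists the `AppInit_DLLs` and `LSA` values in the same log that differ from that baseline.

```python
import re

# Lines copied from the DDS log in post #1 (header and Pseudo HJT sections).
SAMPLE_DDS = r"""
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AppInit_DLLs: c:\windows\system32\mupapupe.dll lkithv.dll c:\windows\system32\hinikafo.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\awtsPJAq
LSA: Notification Packages = scecli c:\windows\system32\mupapupe.dll
"""

# "AV: <product name> *<State>/<State>* {GUID}" as it appears in the log.
AV_LINE = re.compile(
    r"^AV:\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*\s+(?P<guid>\{[0-9A-Fa-f-]+\})\s*$",
    re.MULTILINE,
)

# Assumption: values present on a stock Windows XP install. Anything else on
# these lines was added later and deserves a look by whoever reads the log.
BASELINE = {
    "AppInit_DLLs": set(),
    "LSA: Authentication Packages": {"msv1_0"},
    "LSA: Notification Packages": {"scecli"},
}

VALUE_LINE = re.compile(
    r"^(?P<key>AppInit_DLLs|LSA: (?:Authentication|Notification) Packages)"
    r"\s*[:=]\s*(?P<value>.*)$",
    re.MULTILINE,
)


def parse_av_lines(log):
    """Return one dict per AV: line with name, enabled/updated flags and GUID."""
    products = []
    for m in AV_LINE.finditer(log):
        flags = {f.strip().lower() for f in m.group("state").split("/")}
        products.append({
            "name": m.group("name"),
            "enabled": "enabled" in flags,
            "updated": "updated" in flags,
            "guid": m.group("guid"),
        })
    return products


def resident_av_conflict(log):
    """Names of enabled AV products when more than one is active, else []."""
    enabled = [p["name"] for p in parse_av_lines(log) if p["enabled"]]
    return enabled if len(enabled) > 1 else []


def non_default_entries(log):
    """Map each watched key to the tokens on its line that are not in BASELINE.

    Tokens are split on whitespace and commas, so a path containing spaces
    would be split into pieces; the log in post #1 has none.
    """
    findings = {}
    for m in VALUE_LINE.finditer(log):
        tokens = [t for t in re.split(r"[\s,]+", m.group("value")) if t]
        extra = [t for t in tokens if t.lower() not in BASELINE[m.group("key")]]
        if extra:
            findings[m.group("key")] = extra
    return findings


if __name__ == "__main__":
    conflict = resident_av_conflict(SAMPLE_DDS)
    if conflict:
        print("More than one resident AV enabled:", ", ".join(conflict))
    for key, extra in non_default_entries(SAMPLE_DDS).items():
        print(f"{key}: not in baseline -> {extra}")
```
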

 

 


#3 datkwikracer


Posted 11 August 2011 - 12:01 AM

Thank you for the reply, Noviciate,

I was not aware Ad-Aware was also an AV. I thought it was just an anti-adware program, but I went ahead and uninstalled it. Myway search is still present and I still cannot download updates from Microsoft's website; I get error code 0x80070002.

Here's my combofix log:

ComboFix 11-08-10.03 - Maria Tobar 08/10/2011 21:16:47.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.115 [GMT -7:00]
Running from: c:\documents and settings\Maria Tobar\Desktop\likehijackthis.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\Maria Tobar\Application Data\PriceGong
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Maria Tobar\Application Data\PriceGong\Data\z.xml
c:\program files\Common Files\ufzu
c:\program files\Common Files\ufzu\ufzua.lck
c:\program files\Common Files\ufzu\ufzud\class-barrel
c:\program files\Common Files\ufzu\ufzuh
c:\program files\Common Files\ufzu\ufzul.lck
c:\program files\Common Files\ufzu\ufzum.lck
c:\program files\puredefmusic\toolbar
c:\program files\puredefmusic\toolbar\History\search3
c:\program files\puredefmusic\toolbar\Settings\s_pid.dat
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\Thumbs.db
c:\windows\system32\service
c:\windows\system32\z009threa530460.exe
c:\windows\system32\z079thief1254.cpl
c:\windows\system32\z102ha9kto5l9d.exe
c:\windows\system32\z19f5ddware1983.exe
c:\windows\system32\z43bd9wnload5r1485.dll
c:\windows\system32\z4989hacktool750.ocx
c:\windows\system32\z55fst9al2199.bin
c:\windows\system32\z5casp9ware1275.dll
c:\windows\system32\z6725worm3f69.exe
c:\windows\system32\z756addware2945.bin
c:\windows\system32\z9204s5amb9t765.ocx
c:\windows\system32\z94t5reat1946.cpl
c:\windows\system32\z9554wo5m1d5.ocx
c:\windows\system32\z9668not-a-v5rus1d2.cpl
c:\windows\system32\z996downloader2578.dll
c:\windows\system32\z99abac5door2354.exe
c:\windows\system32\zc5asp9ware2125.cpl
c:\windows\system32\zf5pyware9257.ocx
c:\windows\z046thie5985.dll
c:\windows\z16dbac5d9or1541.dll
c:\windows\z293threa915250.exe
c:\windows\z499wor5566.bin
c:\windows\z4c1v9r26165.exe
c:\windows\z691hacktool5f9.dll
c:\windows\z792ad5ware312.dll
c:\windows\z895thief3074.bin
c:\windows\z9501wo5m397.cpl
c:\windows\z956vi9us6d5.dll
c:\windows\z9825ot-a-virus6a6.cpl
c:\windows\z9854t9oj57c.dll
c:\windows\ze15thief2739.ocx
c:\windows\zf90addwa5e9798.exe
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2011-07-11 to 2011-08-11 )))))))))))))))))))))))))))))))
.
.
2011-07-28 13:17 . 2011-07-28 13:17 -------- d-sh--w- c:\documents and settings\Alicia Muratalla\PrivacIE
2011-07-20 05:59 . 2011-07-20 05:59 388096 ----a-r- c:\documents and settings\Maria Tobar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-20 05:08 . 2011-07-20 05:08 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-09 09:38 . 2011-06-17 09:43 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-09 03:15 . 2011-07-09 03:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 02:52 . 2011-06-08 08:26 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2011-06-08 08:26 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-28 23:43 . 2005-08-16 09:18 26112 ----a-w- c:\windows\system32\userinit.exe
2011-06-18 10:02 . 2010-11-11 19:28 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-12-28 19:29 . 2011-06-19 10:08 311296 ----a-w- c:\program files\Uninstall PureDef Music Toolbar.dll
2011-04-14 16:26 . 2011-06-18 09:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2010-07-18 1774080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2008-10-18 136768]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Wmi"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlccPSWX.EXE"=
"c:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.5.0_08\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [6/8/2011 1:31 AM 353168]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2/3/2009 7:00 PM 66048]
R2 X4HSEx;X4HSEx;c:\program files\Free Ride Games\X4HSEx.sys [12/28/2010 12:45 PM 56352]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2/3/2009 7:20 PM 167808]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2/3/2009 7:20 PM 13532]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-11 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-06-08 21:46]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1866830667-3693464358-3851884687-1007Core.job
- c:\documents and settings\Maria Tobar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-31 00:58]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1866830667-3693464358-3851884687-1007UA.job
- c:\documents and settings\Maria Tobar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-31 00:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Maria Tobar\Application Data\Mozilla\Firefox\Profiles\ztidclq8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://results.myway.com/dft_redir.jhtml?id=YD&ptb=978F1210-630D-43DF-92A0-83ADCEDD97FC&ind=2010122813&ptnrS=YD&si=&n=&psa=&st=kwd&searchfor=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-cbXNEUKa - (no file)
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-10 21:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1928)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Netscape Internet Service\ncupdatesvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-08-10 21:38:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-11 04:38
.
Pre-Run: 20,507,406,336 bytes free
Post-Run: 20,438,032,384 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 48D879D56FAF666D527D7C1B95D34DAA

#4 Noviciate

  • Malware Response Team

Posted 13 August 2011 - 05:13 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

Will you also throw in a fresh DDS log and let me know how the PC is behaving.

So long, and thanks for all the fish.

#5 datkwikracer

  • Topic Starter
  • Members

Posted 13 August 2011 - 08:27 PM

Thanks again for the reply. Myway search is still present when I search in the address bar for firefox. I still can't update windows. I get the same error code. Eset did find 7 threats.

Here is the eset threats found log:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinClickervp1.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTrafficSolc1.zip Win32/Bagle.gen.zip worm
C:\Program Files\FrostWire\Data\settings\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe Win32/OpenCandy application
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1209\A0271664.dll a variant of Win32/Adware.Yontoo.B application
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1214\A0272483.exe Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1214\A0272484.dll a variant of Win32/Toolbar.MyWebSearch application


and here is the dds log:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Run by Maria Tobar at 18:13:16 on 2011-08-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.239 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231215342503
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1310246345062
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D3F545DA-25B4-4930-8841-3F0DF9F485E3} : DhcpNameServer = 209.18.47.61 209.18.47.62
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\maria tobar\application data\mozilla\firefox\profiles\ztidclq8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://results.myway.com/dft_redir.jhtml?id=YD&ptb=978F1210-630D-43DF-92A0-83ADCEDD97FC&ind=2010122813&ptnrS=YD&si=&n=&psa=&st=kwd&searchfor=
FF - plugin: c:\documents and settings\maria tobar\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-8 353168]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-2-3 66048]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-30 54752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 X4HSEx;X4HSEx;c:\program files\free ride games\X4HSEx.sys [2010-12-28 56352]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-2-3 167808]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2009-2-3 13532]
.
=============== Created Last 30 ================
.
2011-08-13 23:09:17 -------- d-----w- c:\program files\ESET
2011-08-11 04:13:33 -------- d-sha-r- C:\cmdcons
2011-08-11 04:09:51 98816 ----a-w- c:\windows\sed.exe
2011-08-11 04:09:51 518144 ----a-w- c:\windows\SWREG.exe
2011-08-11 04:09:51 256000 ----a-w- c:\windows\PEV.exe
2011-08-11 04:09:51 208896 ----a-w- c:\windows\MBR.exe
2011-07-20 05:59:18 388096 ----a-r- c:\documents and settings\maria tobar\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-20 05:08:27 -------- d-----w- c:\program files\Trend Micro
.
==================== Find3M ====================
.
2011-07-09 09:38:53 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-09 03:15:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-28 23:43:49 26112 ----a-w- c:\windows\system32\userinit.exe
2011-06-18 10:02:38 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-11 17:08:49 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-06-11 17:08:49 104 --sh--r- c:\windows\system32\E6BFF45995.sys
2010-12-28 19:29:08 311296 ----a-w- c:\program files\Uninstall PureDef Music Toolbar.dll
.
============= FINISH: 18:13:47.73 ===============

#6 Noviciate

  • Malware Response Team

Posted 15 August 2011 - 02:36 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

#7 datkwikracer

  • Topic Starter
  • Members

Posted 16 August 2011 - 12:06 AM

Here's the first:

OTL logfile created on: 8/15/2011 9:46:11 PM - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Documents and Settings\Maria Tobar\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 183.61 Mb Available Physical Memory | 36.57% Memory free
1.20 Gb Paging File | 0.95 Gb Available in Paging File | 79.49% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.21 Gb Total Space | 18.88 Gb Free Space | 36.87% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 18.52 Gb Free Space | 99.53% Space Free | Partition Type: NTFS
Drive F: | 491.72 Mb Total Space | 491.72 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: ENRIQUE | User Name: Maria Tobar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/15 21:46:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maria Tobar\Desktop\OTL.scr
PRC - [2011/05/28 14:46:56 | 000,803,728 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2008/10/17 20:01:24 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/04/13 08:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2005/09/08 03:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/02/10 17:54:38 | 000,139,264 | ---- | M] (Netscape Communications Corporation) -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/28 14:46:58 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madexcept_.bpl
MOD - [2011/05/28 14:46:58 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madbasic_.bpl
MOD - [2011/05/28 14:46:58 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\maddisAsm_.bpl
MOD - [2009/06/03 12:09:37 | 001,291,264 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/04/13 08:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2006/10/09 17:12:40 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2009/02/06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/04/13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/10/27 21:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2005/02/10 17:54:38 | 000,139,264 | ---- | M] (Netscape Communications Corporation) [Auto | Running] -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe -- (NCUpdateSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/03/10 22:02:38 | 000,056,352 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/03/27 18:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2005/11/16 19:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/08 03:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 03:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 03:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 03:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 03:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 03:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 03:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 10:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 10:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2003/11/17 19:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 19:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 19:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/02 09:57:12 | 000,013,532 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..keyword.URL: "http://results.myway.com/dft_redir.jhtml?id=YD&ptb=978F1210-630D-43DF-92A0-83ADCEDD97FC&ind=2010122813&ptnrS=YD&si=&n=&psa=&st=kwd&searchfor="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Maria Tobar\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Maria Tobar\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/18 02:49:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/13 18:38:46 | 000,000,000 | ---D | M]

[2009/03/11 21:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maria Tobar\Application Data\Mozilla\Extensions
[2011/06/18 02:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maria Tobar\Application Data\Mozilla\Firefox\Profiles\ztidclq8.default\extensions
[2011/06/18 02:40:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Maria Tobar\Application Data\Mozilla\Firefox\Profiles\ztidclq8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/31 10:49:29 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Maria Tobar\Application Data\Mozilla\Firefox\Profiles\ztidclq8.default\extensions\searchtoolbar@zugo.com
[2011/03/31 10:49:34 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Maria Tobar\Application Data\Mozilla\Firefox\Profiles\ztidclq8.default\searchplugins\bing-zugo.xml
[2011/06/10 22:16:01 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Maria Tobar\Application Data\Mozilla\Firefox\Profiles\ztidclq8.default\searchplugins\puredefmusic.xml
[2011/06/18 02:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/12/19 05:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/03/09 11:35:04 | 000,365,056 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npupd62.dll
[2006/02/23 08:16:20 | 000,034,048 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\upd62i9x.dll
[2006/02/23 08:16:20 | 000,045,056 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\upd62int.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/12/28 12:44:00 | 000,001,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober58296062.xml

O1 HOSTS File: ([2011/08/10 21:31:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231215342503 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1310246345062 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Maria Tobar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maria Tobar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/08/15 21:45:49 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maria Tobar\Desktop\OTL.scr
[2011/08/13 18:12:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/13 16:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/10 21:38:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/08/10 21:13:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/10 21:09:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/10 21:09:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/10 21:09:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/10 21:09:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/10 21:09:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/10 21:09:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/10 20:52:32 | 004,168,557 | R--- | C] (Swearware) -- C:\Documents and Settings\Maria Tobar\Desktop\likehijackthis.exe
[2011/08/10 20:42:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Maria Tobar\Recent
[2011/08/08 20:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maria Tobar\Desktop\Unused Desktop Shortcuts
[2011/07/28 20:20:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Maria Tobar\Start Menu\Programs\Administrative Tools
[2011/07/28 20:18:55 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Maria Tobar\Desktop\dds.scr
[2011/07/19 22:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maria Tobar\Start Menu\Programs\HiJackThis
[2011/07/19 22:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/19 19:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maria Tobar\My Documents\FrostWire
[2011/06/19 03:08:59 | 000,311,296 | ---- | C] (PureDef Music) -- C:\Program Files\Uninstall PureDef Music Toolbar.dll
[2005/06/21 13:27:56 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2005/06/21 13:27:02 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2005/06/21 13:22:06 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2005/06/21 13:21:40 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[2005/06/21 13:21:30 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccfg.exe
[2005/06/21 13:20:08 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccih.exe
[2005/06/21 13:19:48 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2005/06/21 13:19:38 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccoms.exe
[2005/06/21 13:18:58 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2005/06/21 13:18:24 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2005/06/21 13:12:48 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2005/06/21 13:09:22 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/15 21:46:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maria Tobar\Desktop\OTL.scr
[2011/08/15 21:41:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/15 21:40:44 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/08/15 21:40:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/14 13:08:06 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1866830667-3693464358-3851884687-1007UA.job
[2011/08/10 21:31:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/10 21:13:38 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/08/10 21:08:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1866830667-3693464358-3851884687-1007Core.job
[2011/08/10 20:59:57 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/10 20:52:32 | 004,168,557 | R--- | M] (Swearware) -- C:\Documents and Settings\Maria Tobar\Desktop\likehijackthis.exe
[2011/08/10 14:12:03 | 000,002,330 | ---- | M] () -- C:\Documents and Settings\Maria Tobar\Desktop\Google Chrome.lnk
[2011/08/10 14:12:03 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\Maria Tobar\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/09 02:40:52 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/09 02:40:52 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/08/08 23:25:51 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/07/28 20:19:17 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Maria Tobar\Desktop\dds.scr
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | ---- | C] () -- C:\WINDOWS\System32\gamotumu
[2011/08/10 21:13:38 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/08/10 21:13:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/10 21:09:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/10 21:09:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/10 21:09:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/10 21:09:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/10 21:09:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/08 23:25:51 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/08/08 23:25:50 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/06/16 21:34:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Maria Tobar\Application Data\preferences.dat
[2011/06/11 02:27:23 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/11 02:27:23 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/01/27 18:24:40 | 000,000,015 | ---- | C] () -- C:\WINDOWS\dtx.ini
[2010/12/28 12:45:59 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2010/05/06 09:02:52 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Maria Tobar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/22 22:08:56 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Maria Tobar\Application Data\$_hpcst$.hpc
[2009/12/22 00:01:06 | 000,003,649 | ---- | C] () -- C:\WINDOWS\System32\165965ackt9zled.exe
[2009/11/28 16:01:45 | 000,009,242 | ---- | C] () -- C:\WINDOWS\12z75tr9j695.exe
[2009/11/26 17:10:34 | 000,011,896 | ---- | C] () -- C:\WINDOWS\System32\382fbaczd59r923.dll
[2009/11/24 22:12:13 | 000,004,251 | ---- | C] () -- C:\WINDOWS\System32\11299w9r514z.bin
[2009/11/23 00:52:57 | 000,015,861 | ---- | C] () -- C:\WINDOWS\System32\40279h5eat1z695.bin
[2009/11/22 12:39:27 | 000,017,508 | ---- | C] () -- C:\WINDOWS\System32\19z16spy459.bin
[2009/11/22 02:57:29 | 000,003,028 | ---- | C] () -- C:\WINDOWS\65579orz650.bin
[2009/11/21 05:46:32 | 000,014,870 | ---- | C] () -- C:\WINDOWS\System32\5024no9-a-v5zus31c.exe
[2009/11/20 16:08:29 | 000,002,753 | ---- | C] () -- C:\WINDOWS\7bd9h5ef226z.dll
[2009/11/14 07:51:04 | 000,011,670 | ---- | C] () -- C:\WINDOWS\System32\29366wzr5591.bin
[2009/11/11 23:29:18 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/11/11 23:12:33 | 000,007,727 | ---- | C] () -- C:\WINDOWS\z3975ir938.exe
[2009/11/11 23:12:31 | 000,013,208 | ---- | C] () -- C:\WINDOWS\System32\995avi513z9.bin
[2009/11/11 23:12:30 | 000,002,887 | ---- | C] () -- C:\WINDOWS\System32\6515thze9147.bin
[2009/11/11 23:12:29 | 000,017,038 | ---- | C] () -- C:\WINDOWS\System32\5b345zief9549.bin
[2009/11/11 23:12:28 | 000,008,074 | ---- | C] () -- C:\WINDOWS\z562spa9se655.dll
[2009/11/11 23:12:26 | 000,012,822 | ---- | C] () -- C:\WINDOWS\23649w9rz12c5.bin
[2009/11/11 23:12:25 | 000,009,726 | ---- | C] () -- C:\WINDOWS\25089spyz10.dll
[2009/11/11 23:12:22 | 000,010,960 | ---- | C] () -- C:\WINDOWS\System32\104z4troj595.exe
[2009/11/11 23:12:11 | 000,016,960 | ---- | C] () -- C:\WINDOWS\System32\223325roj95z.bin
[2009/11/11 23:11:41 | 000,007,836 | ---- | C] () -- C:\WINDOWS\System32\8914s5y69cz.dll
[2009/11/11 23:11:36 | 000,007,770 | ---- | C] () -- C:\WINDOWS\System32\95025spyz35.exe
[2009/11/11 23:11:30 | 000,002,873 | ---- | C] () -- C:\WINDOWS\System32\7a8at9z5f1485.dll
[2009/11/11 23:11:29 | 000,017,919 | ---- | C] () -- C:\WINDOWS\System32\5124addwaz92525.exe
[2009/11/11 23:11:22 | 000,015,734 | ---- | C] () -- C:\WINDOWS\System32\2518spamz5t9af.bin
[2009/11/11 23:11:19 | 000,015,441 | ---- | C] () -- C:\WINDOWS\System32\6d7c5pazs91204.dll
[2009/11/11 23:11:02 | 000,013,108 | ---- | C] () -- C:\WINDOWS\System32\4fz7spars9585.exe
[2009/11/11 23:11:01 | 000,016,163 | ---- | C] () -- C:\WINDOWS\System32\4384spar9ez55.exe
[2009/11/11 23:10:58 | 000,015,722 | ---- | C] () -- C:\WINDOWS\System32\73e5teaz32459.bin
[2009/11/11 23:10:55 | 000,014,643 | ---- | C] () -- C:\WINDOWS\System32\7496sp5rse3z9.bin
[2009/11/11 23:10:37 | 000,018,020 | ---- | C] () -- C:\WINDOWS\System32\1414zs956b2.exe
[2009/11/11 23:10:02 | 000,010,788 | ---- | C] () -- C:\WINDOWS\20679roj1z65.bin
[2009/11/11 23:10:01 | 000,006,846 | ---- | C] () -- C:\WINDOWS\System32\118705irzs89.dll
[2009/11/11 23:09:57 | 000,005,940 | ---- | C] () -- C:\WINDOWS\15b9v5r945z.exe
[2009/11/11 23:09:53 | 000,005,223 | ---- | C] () -- C:\WINDOWS\System32\51szy7b9.exe
[2009/11/11 23:09:42 | 000,004,449 | ---- | C] () -- C:\WINDOWS\150dthrez98458.dll
[2009/11/11 23:09:42 | 000,002,814 | ---- | C] () -- C:\WINDOWS\27889tz9j4135.dll
[2009/11/11 23:09:41 | 000,008,091 | ---- | C] () -- C:\WINDOWS\715d9irz459.exe
[2009/10/22 10:48:27 | 000,015,796 | ---- | C] () -- C:\WINDOWS\System32\299575ozm6de.dll
[2009/10/11 05:56:30 | 000,007,725 | ---- | C] () -- C:\WINDOWS\System32\19290t95z49c.bin
[2009/10/11 02:45:11 | 000,006,915 | ---- | C] () -- C:\WINDOWS\System32\4199s5zrse66.exe
[2009/09/27 04:59:10 | 000,008,762 | ---- | C] () -- C:\WINDOWS\1ff3sza9se1535.dll
[2009/09/24 10:49:54 | 000,012,759 | ---- | C] () -- C:\WINDOWS\System32\2dz3sp9rse1155.dll
[2009/09/24 10:11:36 | 000,008,002 | ---- | C] () -- C:\WINDOWS\System32\3zad9hi5f2858.exe
[2009/09/22 19:57:45 | 000,006,211 | ---- | C] () -- C:\WINDOWS\System32\2b57backd59r126z.bin
[2009/09/17 11:30:33 | 000,002,659 | ---- | C] () -- C:\WINDOWS\12b1addw9rz5152.dll
[2009/09/12 23:06:23 | 000,005,443 | ---- | C] () -- C:\WINDOWS\System32\23908tr59413z.bin
[2009/09/07 01:45:42 | 000,004,045 | ---- | C] () -- C:\WINDOWS\System32\260795orz19e.exe
[2009/09/03 23:47:24 | 000,010,096 | ---- | C] () -- C:\WINDOWS\System32\2578s9a5se162z.bin
[2009/09/02 05:18:36 | 000,012,274 | ---- | C] () -- C:\WINDOWS\47c3s95ware2z7.bin
[2009/08/21 09:55:52 | 000,002,700 | ---- | C] () -- C:\WINDOWS\299e5ir305z.bin
[2009/08/20 11:39:37 | 000,012,537 | ---- | C] () -- C:\WINDOWS\System32\295z7spy799.dll
[2009/07/27 22:13:32 | 000,005,220 | ---- | C] () -- C:\WINDOWS\System32\28769not-az9ir5s8a.exe
[2009/07/21 23:24:42 | 000,007,170 | ---- | C] () -- C:\WINDOWS\System32\551azt9al30795.dll
[2009/07/14 04:44:23 | 000,003,493 | ---- | C] () -- C:\WINDOWS\25899trojz58.exe
[2009/07/12 20:45:43 | 000,015,043 | ---- | C] () -- C:\WINDOWS\System32\21405s9a5botz02.exe
[2009/07/12 17:31:48 | 000,003,672 | ---- | C] () -- C:\WINDOWS\9994troj6z05.exe
[2009/07/04 06:45:39 | 000,008,871 | ---- | C] () -- C:\WINDOWS\System32\fdfs95al2z.dll
[2009/06/22 11:47:14 | 000,004,293 | ---- | C] () -- C:\WINDOWS\z5251spy79.dll
[2009/06/19 02:15:40 | 000,009,354 | ---- | C] () -- C:\WINDOWS\System32\22279troj25z.bin
[2009/06/10 10:05:33 | 000,006,423 | ---- | C] () -- C:\WINDOWS\89269pa5bot45fz.exe
[2009/06/06 16:32:41 | 000,017,068 | ---- | C] () -- C:\WINDOWS\System32\5ba29zr557.bin
[2009/05/14 06:02:02 | 000,008,062 | ---- | C] () -- C:\WINDOWS\60z0t5oj249.bin
[2009/05/07 00:27:27 | 000,008,723 | ---- | C] () -- C:\WINDOWS\System32\584azir29955.exe
[2009/05/02 11:58:31 | 000,006,068 | ---- | C] () -- C:\WINDOWS\System32\52859zyware6305.bin
[2009/05/01 17:33:04 | 000,002,677 | ---- | C] () -- C:\WINDOWS\z994troj652.bin
[2009/04/24 14:16:21 | 000,014,807 | ---- | C] () -- C:\WINDOWS\System32\25c3zhre9532150.exe
[2009/04/24 09:46:36 | 000,003,727 | ---- | C] () -- C:\WINDOWS\6827zr9j545.exe
[2009/04/18 13:23:32 | 000,006,824 | ---- | C] () -- C:\WINDOWS\2259ojz8d.bin
[2009/04/18 11:39:50 | 000,003,092 | ---- | C] () -- C:\WINDOWS\23a95aczdoor1672.bin
[2009/04/17 15:59:49 | 000,008,740 | ---- | C] () -- C:\WINDOWS\19913sz925a.exe
[2009/04/17 08:03:43 | 000,018,277 | ---- | C] () -- C:\WINDOWS\System32\z43495ief1193.dll
[2009/04/11 13:56:56 | 000,004,329 | ---- | C] () -- C:\WINDOWS\System32\90da5tezl1770.exe
[2009/04/04 09:42:33 | 000,014,053 | ---- | C] () -- C:\WINDOWS\System32\5c519zief1975.exe
[2009/04/03 06:56:12 | 000,003,847 | ---- | C] () -- C:\WINDOWS\System32\179555roj9z5.exe
[2009/03/24 05:13:55 | 000,008,460 | ---- | C] () -- C:\WINDOWS\900zh5ef2590.dll
[2009/03/22 22:07:32 | 000,013,307 | ---- | C] () -- C:\WINDOWS\System32\29z5vir1715.dll
[2009/03/19 04:16:26 | 000,014,789 | ---- | C] () -- C:\WINDOWS\System32\z3189p5mbot6bf.exe
[2009/03/18 17:38:19 | 000,012,314 | ---- | C] () -- C:\WINDOWS\System32\475395rmdz.exe
[2009/03/06 03:17:31 | 000,002,970 | ---- | C] () -- C:\WINDOWS\7z92sparse9875.exe
[2009/02/27 18:18:32 | 000,002,881 | ---- | C] () -- C:\WINDOWS\System32\4286dow9l5zder302.dll
[2009/02/26 19:38:09 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\3186ztroj9775.exe
[2009/02/24 05:36:56 | 000,008,231 | ---- | C] () -- C:\WINDOWS\49e0spzrse5872.bin
[2009/02/19 09:37:07 | 000,003,353 | ---- | C] () -- C:\WINDOWS\1552sparse139z.dll
[2009/02/17 09:21:03 | 000,012,762 | ---- | C] () -- C:\WINDOWS\z320back5oo9770.bin
[2009/02/10 15:18:05 | 000,006,017 | ---- | C] () -- C:\WINDOWS\System32\337a9d5arz1863.bin
[2009/02/07 12:25:12 | 000,005,943 | ---- | C] () -- C:\WINDOWS\System32\qvsmplno.dll
[2009/02/07 12:22:28 | 000,005,944 | ---- | C] () -- C:\WINDOWS\System32\rvmrbsfv.dll
[2009/02/03 19:11:04 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/01/28 07:11:52 | 000,006,580 | ---- | C] () -- C:\WINDOWS\24853not-a-zi9us2d.exe
[2009/01/23 14:36:51 | 000,005,944 | ---- | C] () -- C:\WINDOWS\System32\xymfuyml.dll
[2009/01/23 12:28:21 | 000,005,944 | ---- | C] () -- C:\WINDOWS\System32\nfmereld.dll
[2009/01/22 12:27:22 | 000,005,944 | ---- | C] () -- C:\WINDOWS\System32\gcfqasho.dll
[2009/01/18 19:10:41 | 000,005,944 | ---- | C] () -- C:\WINDOWS\System32\ixjfjyyu.dll
[2009/01/17 20:24:56 | 000,016,384 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2009/01/10 03:06:01 | 000,011,453 | ---- | C] () -- C:\WINDOWS\System32\10959tro55z0.exe
[2009/01/07 11:23:43 | 000,010,000 | ---- | C] () -- C:\WINDOWS\System32\6aebzparse9215.dll
[2009/01/05 13:02:23 | 000,017,412 | ---- | C] () -- C:\WINDOWS\System32\66z3v5r2693.bin
[2009/01/04 18:53:34 | 000,006,235 | ---- | C] () -- C:\WINDOWS\18559t9oj5zc.bin
[2009/01/04 01:31:15 | 000,002,666 | ---- | C] () -- C:\WINDOWS\56198spy7z8.exe
[2009/01/02 07:30:52 | 000,010,731 | ---- | C] () -- C:\WINDOWS\System32\68359py3zd.exe
[2008/12/28 14:01:32 | 000,009,704 | ---- | C] () -- C:\WINDOWS\System32\2fdaadd5a9e13z2.bin
[2008/12/14 12:46:28 | 000,015,436 | ---- | C] () -- C:\WINDOWS\System32\2990troj25z.dll
[2008/11/22 17:29:59 | 000,010,795 | ---- | C] () -- C:\WINDOWS\System32\969backd95r108z.exe
[2008/11/22 12:46:08 | 000,007,998 | ---- | C] () -- C:\WINDOWS\5b29zir1154.bin
[2008/11/07 06:03:48 | 000,004,975 | ---- | C] () -- C:\WINDOWS\System32\199addza5e3191.exe
[2008/11/06 03:35:42 | 000,007,118 | ---- | C] () -- C:\WINDOWS\System32\95933troz113.exe
[2008/11/02 14:54:59 | 000,006,317 | ---- | C] () -- C:\WINDOWS\19154zpy6e9.dll
[2008/10/19 02:59:18 | 000,004,686 | ---- | C] () -- C:\WINDOWS\System32\15944t9o531cz.exe
[2008/10/15 18:55:05 | 000,015,020 | ---- | C] () -- C:\WINDOWS\5725spa9sz400.bin
[2008/10/11 00:33:30 | 000,006,818 | ---- | C] () -- C:\WINDOWS\355z9troj13.dll
[2008/10/09 21:15:39 | 000,004,180 | ---- | C] () -- C:\WINDOWS\System32\4c4dsp5zs9374.bin
[2008/10/05 13:54:01 | 000,004,539 | ---- | C] () -- C:\WINDOWS\5ecv5z954.dll
[2008/10/02 23:38:37 | 000,007,099 | ---- | C] () -- C:\WINDOWS\System32\11392z9yd5.exe
[2008/10/02 12:02:33 | 000,007,089 | ---- | C] () -- C:\WINDOWS\System32\13056troz5f9.exe
[2008/10/01 22:59:14 | 000,011,736 | ---- | C] () -- C:\WINDOWS\System32\3851zroj592.dll
[2008/09/27 05:53:42 | 000,007,848 | ---- | C] () -- C:\WINDOWS\4dcfba5zdoor2972.dll
[2008/09/19 16:13:52 | 000,006,170 | ---- | C] () -- C:\WINDOWS\System32\159bspars968z.dll
[2008/09/15 04:12:24 | 000,009,511 | ---- | C] () -- C:\WINDOWS\29427zpya25.dll
[2008/09/13 00:36:44 | 000,008,430 | ---- | C] () -- C:\WINDOWS\aa7s9zrs52585.bin
[2008/09/08 19:50:31 | 000,014,308 | ---- | C] () -- C:\WINDOWS\System32\25759wo957z0.exe
[2008/09/03 15:49:20 | 000,017,008 | ---- | C] () -- C:\WINDOWS\System32\75229t5zl1491.bin
[2008/09/02 17:02:27 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/09/02 01:56:11 | 000,002,982 | ---- | C] () -- C:\WINDOWS\3d62sp9wa5z3151.bin
[2008/09/01 14:35:47 | 000,009,108 | ---- | C] () -- C:\WINDOWS\5479woz5609.bin
[2008/08/09 07:51:14 | 000,016,274 | ---- | C] () -- C:\WINDOWS\6c95vir54z1.bin
[2008/08/08 19:58:06 | 000,010,283 | ---- | C] () -- C:\WINDOWS\System32\5961zparse7059.exe
[2008/08/08 02:46:55 | 000,007,126 | ---- | C] () -- C:\WINDOWS\System32\5493vi9520z.dll
[2008/07/23 11:48:27 | 000,008,645 | ---- | C] () -- C:\WINDOWS\1edthre9529463z.bin
[2008/07/23 00:00:15 | 000,003,761 | ---- | C] () -- C:\WINDOWS\5f585zief1962.bin
[2008/07/14 23:04:51 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/07/06 11:45:15 | 000,008,698 | ---- | C] () -- C:\WINDOWS\53769paz5ot777.bin
[2008/07/03 15:38:58 | 000,006,087 | ---- | C] () -- C:\WINDOWS\System32\31552zpy19a.exe
[2008/07/02 14:07:25 | 000,009,620 | ---- | C] () -- C:\WINDOWS\10469s9a5bot5ebz.exe
[2008/06/26 04:12:11 | 000,016,348 | ---- | C] () -- C:\WINDOWS\System32\8c49irz58.bin
[2008/06/23 17:42:38 | 000,006,732 | ---- | C] () -- C:\WINDOWS\15455troz2a39.bin
[2008/06/23 14:04:44 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\5d5zvir14639.bin
[2008/06/19 11:03:10 | 000,009,570 | ---- | C] () -- C:\WINDOWS\System32\793f5ir20z1.dll
[2008/06/13 00:11:30 | 000,018,424 | ---- | C] () -- C:\WINDOWS\4z93vi5519.bin
[2008/06/12 08:11:21 | 000,009,181 | ---- | C] () -- C:\WINDOWS\System32\1898szy9ar5423.bin
[2008/06/09 07:44:38 | 000,013,413 | ---- | C] () -- C:\WINDOWS\513zhie59813.bin
[2008/06/01 04:40:28 | 000,016,879 | ---- | C] () -- C:\WINDOWS\System32\31605hrea926099z.exe
[2008/05/25 06:19:17 | 000,016,207 | ---- | C] () -- C:\WINDOWS\98d2st5az1817.bin
[2008/05/23 16:11:14 | 000,015,461 | ---- | C] () -- C:\WINDOWS\System32\4505z9rm5e1.dll
[2008/05/20 12:29:58 | 000,005,737 | ---- | C] () -- C:\WINDOWS\System32\z1e6st5a91147.bin
[2008/05/20 12:21:38 | 000,014,985 | ---- | C] () -- C:\WINDOWS\System32\21842w95m8z.bin
[2008/05/19 22:08:09 | 000,015,457 | ---- | C] () -- C:\WINDOWS\System32\54d99ack5zor1904.bin
[2008/05/19 05:34:24 | 000,003,992 | ---- | C] () -- C:\WINDOWS\22996sz5mbot5e59.dll
[2008/05/12 13:46:53 | 000,016,626 | ---- | C] () -- C:\WINDOWS\System32\49559i5315z.exe
[2008/05/10 07:39:12 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\12584spy915z.exe
[2008/05/05 19:40:14 | 000,003,039 | ---- | C] () -- C:\WINDOWS\System32\589th9eaz56573.dll
[2008/05/04 14:05:07 | 000,015,486 | ---- | C] () -- C:\WINDOWS\z71sp95se598.bin
[2008/05/04 11:53:14 | 000,008,174 | ---- | C] () -- C:\WINDOWS\775b9pzrse1952.dll
[2008/05/02 08:39:26 | 000,007,787 | ---- | C] () -- C:\WINDOWS\System32\15705spy29z.dll
[2008/04/27 07:08:46 | 000,002,866 | ---- | C] () -- C:\WINDOWS\System32\64759ir2885z.exe
[2008/04/14 08:59:58 | 000,011,048 | ---- | C] () -- C:\WINDOWS\System32\5b8e95ckzoor1458.exe
[2008/04/11 20:20:33 | 000,013,996 | ---- | C] () -- C:\WINDOWS\System32\5ccas9arze5236.bin
[2008/03/24 14:49:00 | 000,012,958 | ---- | C] () -- C:\WINDOWS\System32\z485o9m74b.dll
[2008/03/14 14:58:23 | 000,006,220 | ---- | C] () -- C:\WINDOWS\System32\z8168s5y3f9.dll
[2008/03/05 17:58:42 | 000,007,744 | ---- | C] () -- C:\WINDOWS\System32\1052095rus53ez.exe
[2008/02/23 03:26:44 | 000,013,808 | ---- | C] () -- C:\WINDOWS\System32\75dbackz9or5090.exe
[2008/02/20 16:55:38 | 000,007,628 | ---- | C] () -- C:\WINDOWS\System32\4b4e5ddwa9z1485.bin
[2008/02/06 15:44:12 | 000,002,711 | ---- | C] () -- C:\WINDOWS\System32\27aaddwa5z2955.dll
[2008/02/05 09:53:35 | 000,002,776 | ---- | C] () -- C:\WINDOWS\System32\7331s9a5zot7ff.exe
[2008/01/22 05:55:22 | 000,007,414 | ---- | C] () -- C:\WINDOWS\39zbsparse1518.bin
[2008/01/13 23:41:11 | 000,003,021 | ---- | C] () -- C:\WINDOWS\6012zdd5ar91429.bin
[2008/01/13 02:39:09 | 000,005,255 | ---- | C] () -- C:\WINDOWS\System32\92a05hzef1526.dll
[2007/08/06 23:12:19 | 000,001,352 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/12 22:08:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/06/29 11:19:39 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2006/05/05 20:09:05 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/05/02 13:31:05 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/04/26 19:00:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/04/25 20:14:03 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2006/04/20 14:04:42 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/04/18 22:47:52 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Maria Tobar\Local Settings\Application Data\fusioncache.dat
[2006/04/18 10:39:25 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/04/18 07:18:35 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\E6BFF45995.sys
[2006/04/18 07:18:20 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/04 22:03:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/04 21:57:50 | 000,001,257 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/04 21:55:02 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/04/04 21:53:27 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/04/04 21:49:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/04 21:47:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/04 21:23:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006/04/04 21:23:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2006/04/04 21:23:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/04/04 21:23:00 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 06:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 02:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 02:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 02:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 02:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 02:27:59 | 000,167,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 02:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 02:18:33 | 000,443,400 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 02:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 02:18:33 | 000,072,506 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 02:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 02:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 02:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 02:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 02:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 02:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 02:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 02:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 12:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 12:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2005/07/22 12:48:28 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2005/07/22 12:48:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2005/07/22 12:48:06 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2005/07/22 12:47:20 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2005/07/22 12:47:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2005/07/22 12:47:08 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2005/07/22 12:47:06 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2005/07/22 12:45:22 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

========== LOP Check ==========

[2011/08/10 21:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/09/02 16:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/09/09 21:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2005/08/16 18:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2010/12/30 11:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2010/12/28 12:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2006/05/25 20:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2011/06/11 02:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2006/05/10 13:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2006/05/15 01:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2008/01/11 00:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2006/04/17 13:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2011/03/23 13:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2006/04/29 10:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/09/02 17:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/02/29 21:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/08/09 01:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/11 10:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/06/11 10:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/04/26 19:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/03/03 01:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2010/09/22 18:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria Tobar\Application Data\Broderbund
[2011/03/31 10:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria Tobar\Application Data\iMesh
[2011/07/08 21:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria Tobar\Application Data\IObit
[2009/11/12 23:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria Tobar\Application Data\iolo
[2009/08/04 19:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria Tobar\Application Data\Leadertech
[2006/10/22 11:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria Tobar\Application Data\ScamBlocker
[2011/06/16 21:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria Tobar\Application Data\simppulltoolbar
[2009/08/01 20:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria Tobar\Application Data\Skinux
[2010/12/29 16:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria Tobar\Application Data\Titanium Gears
[2009/02/10 23:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria Tobar\Application Data\Viewpoint
[2010/12/28 12:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria Tobar\Application Data\WeatherBug
[2007/02/06 16:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maria Tobar\Application Data\Windows Desktop Search
[2011/08/15 21:40:44 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2008/08/25 10:05:48 | 000,000,000 | ---D | M](C:\Do?) -- C:\Doм
[2008/08/25 10:05:47 | 000,000,000 | ---D | C](C:\Do?) -- C:\Doм
[2008/01/18 17:30:52 | 000,000,000 | ---D | M](C:\DoR?) -- C:\DoRЩ
[2008/01/18 17:30:50 | 000,000,000 | ---D | C](C:\DoR?) -- C:\DoRЩ

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Here's the second:

OTL Extras logfile created on: 8/15/2011 9:46:11 PM - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Documents and Settings\Maria Tobar\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 183.61 Mb Available Physical Memory | 36.57% Memory free
1.20 Gb Paging File | 0.95 Gb Available in Paging File | 79.49% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.21 Gb Total Space | 18.88 Gb Free Space | 36.87% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 18.52 Gb Free Space | 99.53% Space Free | Partition Type: NTFS
Drive F: | 491.72 Mb Total Space | 491.72 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: ENRIQUE | User Name: Maria Tobar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\WINDOWS\system32\dlcccoms.exe" = C:\WINDOWS\system32\dlcccoms.exe:*:Enabled:Dell 924 Server -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dlccPSWX.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dlccPSWX.EXE:*:Enabled:Dell 924 Printer Status -- ()
"C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe:*:Disabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre1.5.0_08\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_08\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
"C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25EF03E6-F17B-11D6-88EA-000476CD2443}" = Verizon Online Help & Support
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40ACEAF4-1EB2-45FC-90C3-6810700C0595}" = Verizon PC Security Checkup
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111318690}" = Teddy Factory
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C057F6D0-0E4C-4B18-B645-9D0804FCFAFD}" = EarthLink Common Authentication
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2444FA0-04AA-4221-B652-73713947ED22}" = Anti-Spyware
"{c6c214df-2922-4809-94aa-f4d67d4451ec}" = Music Oasis
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = WG111v2 Configuration Utility
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{EEC93E6F-6E73-46BE-8152-59C66B272219}" = Deal Info
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FFC3B772-C00A-42da-90A6-A87F4AFD73D9}" = Netscape Internet Service
"{FFC3B772-C00A-42da-90A6-A87F4AFD73E0}" = Netscape Web Accelerator
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BFG-Turbo Sliders" = Turbo Sliders (remove only)
"Canon MP470 series User Registration" = Canon MP470 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESET Online Scanner" = ESET Online Scanner v3
"ESPNMotion" = ESPNMotion
"hkrkgoxackwowedh" = RON Tool Offersfortoday
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire 5.1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Optimizer Pro" = PC Optimizer Pro
"PROSet" = Intel® PRO Network Connections Drivers
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.20
"RealArcade" = RealArcade
"RealPlayer 6.0" = RealPlayer
"Rp Scan and Clean {40ACEAF4-1EB2-45FC-90C3-6810700C0595}" = Verizon PC Security Checkup
"Sally's Spa" = Sally's Spa
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"SpywareBlaster_is1" = SpywareBlaster 4.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Turbo Pizza" = Turbo Pizza (remove only)
"Verizon Online DSL_is1" = Verizon Online DSL
"Verizon Yahoo! Applications" = Verizon Yahoo! Applications
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/19/2011 10:29:54 PM | Computer Name = ENRIQUE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/22/2011 1:22:57 AM | Computer Name = ENRIQUE | Source = ESENT | ID = 485
Description = wuauclt (3520) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 7/22/2011 1:23:02 AM | Computer Name = ENRIQUE | Source = ESENT | ID = 485
Description = wuauclt (3820) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 7/23/2011 2:21:58 AM | Computer Name = ENRIQUE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 7/23/2011 4:49:47 AM | Computer Name = ENRIQUE | Source = ESENT | ID = 485
Description = wuauclt (2424) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 5 (0x00000005): "Access is denied. ". The delete file
operation will fail with error -1032 (0xfffffbf8).

Error - 7/23/2011 6:50:11 AM | Computer Name = ENRIQUE | Source = ESENT | ID = 485
Description = wuauclt (1260) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 5 (0x00000005): "Access is denied. ". The delete file
operation will fail with error -1032 (0xfffffbf8).

Error - 7/28/2011 9:16:57 AM | Computer Name = ENRIQUE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 8/8/2011 11:22:47 PM | Computer Name = ENRIQUE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 8/9/2011 5:41:00 AM | Computer Name = ENRIQUE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 8/13/2011 7:08:02 PM | Computer Name = ENRIQUE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 8/15/2011 7:03:42 PM | Computer Name = ENRIQUE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/15/2011 7:03:42 PM | Computer Name = ENRIQUE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/15/2011 7:03:42 PM | Computer Name = ENRIQUE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/15/2011 7:03:42 PM | Computer Name = ENRIQUE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/15/2011 7:03:47 PM | Computer Name = ENRIQUE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 8/16/2011 12:41:43 AM | Computer Name = ENRIQUE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/16/2011 12:41:43 AM | Computer Name = ENRIQUE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/16/2011 12:41:43 AM | Computer Name = ENRIQUE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/16/2011 12:41:43 AM | Computer Name = ENRIQUE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 8/16/2011 12:41:45 AM | Computer Name = ENRIQUE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >

#8 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 16 August 2011 - 02:57 PM

Good evening. :)

"Myway search is still present when I search in the address bar for Firefox."

Forgive me for perhaps being stupid, but what exactly are you saying here?

So long, and thanks for all the fish.

 

 


#9 datkwikracer

  • Topic Starter
  • Members
  • 22 posts

Posted 16 August 2011 - 11:49 PM

You know how if you type for example "barack obama" in the address bar, instead of giving you an error like it's an incorrect address it'll just search the term instead. I know Myway isn't the search by default for Firefox, so somehow my "search from address bar" was hijacked.

I googled "search from address bar firefox" and I was able to change it using about:config in the address bar, so I changed it to Google. So that's fixed; I just want to make sure there isn't any other crap left on this system.

The only obvious problem that I can tell is that I still can't download updates from Windows Update. Could spyware or viruses prevent me from installing Microsoft software?

Thanks again for all the time you've spent with me, I really appreciate it.

#10 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 19 August 2011 - 02:48 PM

Good evening. :)

"Could spyware or viruses prevent me from installing Microsoft software?"

It's possible that an active infection is blocking Windows Updates, or it could be that something has become corrupted, either through malware activity that has been subsequently removed, or through the unfortunate failure of PCs to work properly all the time regardless of how you treat them.

We'll start with cleaning up the detritus and see where that gets us.

Your version of Sun Java needs updating:

1) Go here and click on the Windows XP/Vista/2000/2003/2008 Offline link in the Windows section near the top and save it to your Desktop.

2) Download JavaRa from here and save it to your Desktop.
You will need to extract the file(s):

Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


***Please close any instances of Internet Explorer before continuing!***

  • Double-click JavaRa.exe to begin.
  • Pick your preferred language from the drop-down menu and click Select.
  • Click on Remove Older Versions to remove older versions of Java - obvious really, isn't it!
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location, just in case you have any problems with Java afterwards.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run OTL.exe.

  • Copy and paste the following into the Custom Scans/Fixes box at the bottom:

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.

    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found

    :Files
    C:\WINDOWS\System32\165965ackt9zled.exe
    C:\WINDOWS\12z75tr9j695.exe
    C:\WINDOWS\System32\382fbaczd59r923.dll
    C:\WINDOWS\System32\11299w9r514z.bin
    C:\WINDOWS\System32\40279h5eat1z695.bin
    C:\WINDOWS\System32\19z16spy459.bin
    C:\WINDOWS\65579orz650.bin
    C:\WINDOWS\System32\5024no9-a-v5zus31c.exe
    C:\WINDOWS\7bd9h5ef226z.dll
    C:\WINDOWS\System32\29366wzr5591.bin
    C:\WINDOWS\System32\mfc45.dll
    C:\WINDOWS\z3975ir938.exe
    C:\WINDOWS\System32\995avi513z9.bin
    C:\WINDOWS\System32\6515thze9147.bin
    C:\WINDOWS\System32\5b345zief9549.bin
    C:\WINDOWS\z562spa9se655.dll
    C:\WINDOWS\23649w9rz12c5.bin
    C:\WINDOWS\25089spyz10.dll
    C:\WINDOWS\System32\104z4troj595.exe
    C:\WINDOWS\System32\223325roj95z.bin
    C:\WINDOWS\System32\8914s5y69cz.dll
    C:\WINDOWS\System32\95025spyz35.exe
    C:\WINDOWS\System32\7a8at9z5f1485.dll
    C:\WINDOWS\System32\5124addwaz92525.exe
    C:\WINDOWS\System32\2518spamz5t9af.bin
    C:\WINDOWS\System32\6d7c5pazs91204.dll
    C:\WINDOWS\System32\4fz7spars9585.exe
    C:\WINDOWS\System32\4384spar9ez55.exe
    C:\WINDOWS\System32\73e5teaz32459.bin
    C:\WINDOWS\System32\7496sp5rse3z9.bin
    C:\WINDOWS\System32\1414zs956b2.exe
    C:\WINDOWS\20679roj1z65.bin
    C:\WINDOWS\System32\118705irzs89.dll
    C:\WINDOWS\15b9v5r945z.exe
    C:\WINDOWS\System32\51szy7b9.exe
    C:\WINDOWS\150dthrez98458.dll
    C:\WINDOWS\27889tz9j4135.dll
    C:\WINDOWS\715d9irz459.exe
    C:\WINDOWS\System32\299575ozm6de.dll
    C:\WINDOWS\System32\19290t95z49c.bin
    C:\WINDOWS\System32\4199s5zrse66.exe
    C:\WINDOWS\1ff3sza9se1535.dll
    C:\WINDOWS\System32\2dz3sp9rse1155.dll
    C:\WINDOWS\System32\3zad9hi5f2858.exe
    C:\WINDOWS\System32\2b57backd59r126z.bin
    C:\WINDOWS\12b1addw9rz5152.dll
    C:\WINDOWS\System32\23908tr59413z.bin
    C:\WINDOWS\System32\260795orz19e.exe
    C:\WINDOWS\System32\2578s9a5se162z.bin
    C:\WINDOWS\47c3s95ware2z7.bin
    C:\WINDOWS\299e5ir305z.bin
    C:\WINDOWS\System32\295z7spy799.dll
    C:\WINDOWS\System32\28769not-az9ir5s8a.exe
    C:\WINDOWS\System32\551azt9al30795.dll
    C:\WINDOWS\25899trojz58.exe
    C:\WINDOWS\System32\21405s9a5botz02.exe
    C:\WINDOWS\9994troj6z05.exe
    C:\WINDOWS\System32\fdfs95al2z.dll
    C:\WINDOWS\z5251spy79.dll
    C:\WINDOWS\System32\22279troj25z.bin
    C:\WINDOWS\89269pa5bot45fz.exe
    C:\WINDOWS\System32\5ba29zr557.bin
    C:\WINDOWS\60z0t5oj249.bin
    C:\WINDOWS\System32\584azir29955.exe
    C:\WINDOWS\System32\52859zyware6305.bin
    C:\WINDOWS\z994troj652.bin
    C:\WINDOWS\System32\25c3zhre9532150.exe
    C:\WINDOWS\6827zr9j545.exe
    C:\WINDOWS\2259ojz8d.bin
    C:\WINDOWS\23a95aczdoor1672.bin
    C:\WINDOWS\19913sz925a.exe
    C:\WINDOWS\System32\z43495ief1193.dll
    C:\WINDOWS\System32\90da5tezl1770.exe
    C:\WINDOWS\System32\5c519zief1975.exe
    C:\WINDOWS\System32\179555roj9z5.exe
    C:\WINDOWS\900zh5ef2590.dll
    C:\WINDOWS\System32\29z5vir1715.dll
    C:\WINDOWS\System32\z3189p5mbot6bf.exe
    C:\WINDOWS\System32\475395rmdz.exe
    C:\WINDOWS\7z92sparse9875.exe
    C:\WINDOWS\System32\4286dow9l5zder302.dll
    C:\WINDOWS\System32\3186ztroj9775.exe
    C:\WINDOWS\49e0spzrse5872.bin
    C:\WINDOWS\1552sparse139z.dll
    C:\WINDOWS\z320back5oo9770.bin
    C:\WINDOWS\System32\337a9d5arz1863.bin
    C:\WINDOWS\System32\qvsmplno.dll
    C:\WINDOWS\System32\rvmrbsfv.dll
    C:\WINDOWS\24853not-a-zi9us2d.exe
    C:\WINDOWS\System32\xymfuyml.dll
    C:\WINDOWS\System32\nfmereld.dll
    C:\WINDOWS\System32\gcfqasho.dll
    C:\WINDOWS\System32\ixjfjyyu.dll
    C:\WINDOWS\System32\10959tro55z0.exe
    C:\WINDOWS\System32\6aebzparse9215.dll
    C:\WINDOWS\System32\66z3v5r2693.bin
    C:\WINDOWS\18559t9oj5zc.bin
    C:\WINDOWS\56198spy7z8.exe
    C:\WINDOWS\System32\68359py3zd.exe
    C:\WINDOWS\System32\2fdaadd5a9e13z2.bin
    C:\WINDOWS\System32\2990troj25z.dll
    C:\WINDOWS\System32\969backd95r108z.exe
    C:\WINDOWS\5b29zir1154.bin
    C:\WINDOWS\System32\199addza5e3191.exe
    C:\WINDOWS\System32\95933troz113.exe
    C:\WINDOWS\19154zpy6e9.dll
    C:\WINDOWS\System32\15944t9o531cz.exe
    C:\WINDOWS\5725spa9sz400.bin
    C:\WINDOWS\355z9troj13.dll
    C:\WINDOWS\System32\4c4dsp5zs9374.bin
    C:\WINDOWS\5ecv5z954.dll
    C:\WINDOWS\System32\11392z9yd5.exe
    C:\WINDOWS\System32\13056troz5f9.exe
    C:\WINDOWS\System32\3851zroj592.dll
    C:\WINDOWS\4dcfba5zdoor2972.dll
    C:\WINDOWS\System32\159bspars968z.dll
    C:\WINDOWS\29427zpya25.dll
    C:\WINDOWS\aa7s9zrs52585.bin
    C:\WINDOWS\System32\25759wo957z0.exe
    C:\WINDOWS\System32\75229t5zl1491.bin
    C:\WINDOWS\3d62sp9wa5z3151.bin
    C:\WINDOWS\5479woz5609.bin
    C:\WINDOWS\6c95vir54z1.bin
    C:\WINDOWS\System32\5961zparse7059.exe
    C:\WINDOWS\System32\5493vi9520z.dll
    C:\WINDOWS\1edthre9529463z.bin
    C:\WINDOWS\5f585zief1962.bin
    C:\WINDOWS\53769paz5ot777.bin
    C:\WINDOWS\System32\31552zpy19a.exe
    C:\WINDOWS\10469s9a5bot5ebz.exe
    C:\WINDOWS\System32\8c49irz58.bin
    C:\WINDOWS\15455troz2a39.bin
    C:\WINDOWS\System32\5d5zvir14639.bin
    C:\WINDOWS\System32\793f5ir20z1.dll
    C:\WINDOWS\4z93vi5519.bin
    C:\WINDOWS\System32\1898szy9ar5423.bin
    C:\WINDOWS\513zhie59813.bin
    C:\WINDOWS\System32\31605hrea926099z.exe
    C:\WINDOWS\98d2st5az1817.bin
    C:\WINDOWS\System32\4505z9rm5e1.dll
    C:\WINDOWS\System32\z1e6st5a91147.bin
    C:\WINDOWS\System32\21842w95m8z.bin
    C:\WINDOWS\System32\54d99ack5zor1904.bin
    C:\WINDOWS\22996sz5mbot5e59.dll
    C:\WINDOWS\System32\49559i5315z.exe
    C:\WINDOWS\System32\12584spy915z.exe
    C:\WINDOWS\System32\589th9eaz56573.dll
    C:\WINDOWS\z71sp95se598.bin
    C:\WINDOWS\775b9pzrse1952.dll
    C:\WINDOWS\System32\15705spy29z.dll
    C:\WINDOWS\System32\64759ir2885z.exe
    C:\WINDOWS\System32\5b8e95ckzoor1458.exe
    C:\WINDOWS\System32\5ccas9arze5236.bin
    C:\WINDOWS\System32\z485o9m74b.dll
    C:\WINDOWS\System32\z8168s5y3f9.dll
    C:\WINDOWS\System32\1052095rus53ez.exe
    C:\WINDOWS\System32\75dbackz9or5090.exe
    C:\WINDOWS\System32\4b4e5ddwa9z1485.bin
    C:\WINDOWS\System32\27aaddwa5z2955.dll
    C:\WINDOWS\System32\7331s9a5zot7ff.exe
    C:\WINDOWS\39zbsparse1518.bin
    C:\WINDOWS\6012zdd5ar91429.bin
    C:\WINDOWS\System32\92a05hzef1526.dll
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click the Run Fix button at the top.
  • Let the program run until it has completed and then reboot the PC when it is done.
Please let me have a copy of the log that appears once OTL has completed its run.

So long, and thanks for all the fish.
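A check a helper could run on a fix script like the one above and the log OTL returns after Run Fix, as an added example (not part of the original posts and not OTL's own code): it confirms that every path listed under `:Files` has a matching `moved successfully.` line in the log's FILES section. The sample script and log are constructed, and the function names are hypothetical.

```python
import re

SCRIPT_SECTION = re.compile(r"^:(\w+)$")        # ":OTL", ":Files", ":Commands"
LOG_SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")  # "========== FILES =========="
MOVED = re.compile(r"^([A-Za-z]:\\.+) moved successfully\.$")

# Constructed sample input: the file names are placeholders, not from the thread.
SAMPLE_SCRIPT = r"""
:OTL
O3 - HKLM\..\Toolbar: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.

:Files
C:\WINDOWS\System32\example-a.exe
C:\WINDOWS\example-b.dll
C:\WINDOWS\System32\example-c.bin
ipconfig /flushdns /c

:Commands
[resethosts]
[emptytemp]
"""

SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
========== FILES ==========
C:\WINDOWS\system32\example-a.exe moved successfully.
C:\WINDOWS\example-b.dll moved successfully.
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""


def files_requested(script):
    """Paths listed under :Files, in script order."""
    section, paths = None, []
    for line in (raw.strip() for raw in script.splitlines()):
        if not line:
            continue
        header = SCRIPT_SECTION.match(line)
        if header:
            section = header.group(1).lower()
        elif section == "files" and not line.lower().endswith(" /c"):
            # Lines ending in " /c" (e.g. "ipconfig /flushdns /c") are
            # commands to run, not files to move, so they are skipped.
            paths.append(line)
    return paths


def files_moved(log):
    """Lower-cased paths the log's FILES section reports as moved."""
    section, moved = None, set()
    for line in (raw.strip() for raw in log.splitlines()):
        header = LOG_SECTION.match(line)
        if header:
            section = header.group(1).lower()
            continue
        hit = MOVED.match(line)
        # Only the FILES section counts: the COMMANDS section also prints
        # "moved successfully." for the Hosts file reset by [resethosts].
        if hit and section == "files":
            moved.add(hit.group(1).lower())
    return moved


def reconcile(script, log):
    """Compare what the script asked for with what the log confirms."""
    requested = files_requested(script)
    moved = files_moved(log)
    wanted = {p.lower() for p in requested}  # Windows paths: case-insensitive
    return {
        "requested": len(requested),
        "unconfirmed": [p for p in requested if p.lower() not in moved],
        "unrequested": sorted(moved - wanted),
    }


if __name__ == "__main__":
    report = reconcile(SAMPLE_SCRIPT, SAMPLE_LOG)
    print(f"{report['requested']} files requested")
    for path in report["unconfirmed"]:
        print("no confirmation in log:", path)
    for path in report["unrequested"]:
        print("moved but not in script:", path)
```

Any path reported as unconfirmed is worth a follow-up scan before the system is declared clean; an unrequested path means the log does not match the script that was posted.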

 

 


#11 datkwikracer

  • Topic Starter
  • Members
  • 22 posts

Posted 20 August 2011 - 01:02 PM

I ran JavaRa and updated Java.

I ran the fixes on OTL and here is the log after I rebooted:


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C7768536-96F8-4001-B1A2-90EE21279187} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7768536-96F8-4001-B1A2-90EE21279187}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C7768536-96F8-4001-B1A2-90EE21279187} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7768536-96F8-4001-B1A2-90EE21279187}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7F30B62-8269-41AF-9539-B2697FA7D77E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7F30B62-8269-41AF-9539-B2697FA7D77E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Maria Tobar\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Maria Tobar\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes

User: Alicia Muratalla
->Temp folder emptied: 1033461191 bytes
->Temporary Internet Files folder emptied: 136084563 bytes
->Java cache emptied: 14213869 bytes
->FireFox cache emptied: 6943478 bytes
->Flash cache emptied: 13711 bytes

User: All Users

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: Enrique Muratalla
->Temp folder emptied: 1335419 bytes
->Temporary Internet Files folder emptied: 147087129 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3196803 bytes
->Flash cache emptied: 11297 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Maria Tobar
->Temp folder emptied: 10770134 bytes
->Temporary Internet Files folder emptied: 4730563 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 56600769 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 17261 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 73569619 bytes

Total Files Cleaned = 1,419.00 mb


[EMPTYFLASH]

User: Administrator

User: Alicia Muratalla
->Flash cache emptied: 0 bytes

User: All Users

User: Application Data

User: Default User

User: Enrique Muratalla
->Flash cache emptied: 0 bytes

User: LocalService

User: Maria Tobar
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.4 log created on 08202011_103821

Files\Folders moved on Reboot...
C:\Documents and Settings\Maria Tobar\Local Settings\Temp\WCESLog.log moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#12 Noviciate

Posted 20 August 2011 - 02:25 PM

Good evening. :)

By any chance can you get Windows to update now?

So long, and thanks for all the fish.

#13 datkwikracer

Posted 20 August 2011 - 03:18 PM

I get the same error code.

When I first go to the Windows Update site it tells me to "Get the latest Windows Update software." I then click "Install now." I then get "Windows Update is downloading and installing the updated software." Then a percentage shows progress of downloading, then copying, and finally registering. They all reach 100%, then I get:

Error number: 0x80070002
The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.

I tried the options and none helped. Is there a way to check which updates I do have and which ones I might need? Or is there another way to get the updates besides Microsoft?

Thanks again for your help.

#14 Noviciate

Posted 20 August 2011 - 03:22 PM

Have you tried this solution: http://support.microsoft.com/kb/910336 - click the Microsoft FixIt icon for the automated tool.

So long, and thanks for all the fish.

#15 datkwikracer

Posted 20 August 2011 - 04:56 PM

Yes, I tried them before my initial post here.

I also tried it just now.

I did the default fix it first and it didn't work. I then tried the aggressive fix it and it didn't work. Finally I did the "let me fix it myself" and that didn't work.

Thanks again for your help.



