Search Engine Redirect plus MSE unusuable.


15 replies to this topic

#1 Jayson201


Posted 11 September 2011 - 03:19 PM

Broni had directed me here, but I kindly refused as I didn't want to bother you guys while everyone else has a similar problem, but I couldn't figure out what was wrong with my computer, because other than the Google redirect, my problem's a bit unique. I apologize for any late responses on my part, in advance. School started last Tuesday, so I won't have as much free time.

VERY SIMPLY PUT, I cannot use Microsoft Security Essentials, AT ALL, no matter how many times I uninstall, reinstall, rinse and repeat, and every Google, Yahoo, Bing, and Ask search gets redirected to some irrelevant spam website that has nothing to do with a search such as "What's the 2.5mm cable of a TI 83 Plus for?"

So far, I do my best to avoid Google (which really doesn't help because I still use it a lot; I just have to click on the "cached" link instead of the result link), and I have removed MSE until further instruction.


Link to my topic with Broni in AII:

http://www.bleepingcomputer.com/forums/topic417061.html/page__p__2393452__fromsearch__1#entry2393452

Here are the logs requested, and the attachments as well.

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
Run by Jayson at 14:53:54 on 2011-09-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2317 [GMT -4:00]
.
.
============== Running Processes ===============
.
F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\igfxtray.exe
F:\WINDOWS\system32\hkcmd.exe
F:\WINDOWS\system32\igfxpers.exe
F:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
F:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
F:\Program Files\ASUS\ATK Hotkey\HControl.exe
F:\Program Files\ASUS\ATK Media\DMedia.exe
F:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSound_XP.exe
F:\Program Files\Windows Desktop Search\WindowsSearch.exe
svchost.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\libusbd-nt.exe
F:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\WINDOWS\system32\SearchIndexer.exe
F:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
F:\Program Files\ASUS\ATK Hotkey\WDC.exe
F:\WINDOWS\System32\svchost.exe -k HTTPFilter
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Mozilla Firefox\plugin-container.exe
f:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - f:\program files\nch_en\tbNCH_.dll
uURLSearchHooks: MiniEvony Toolbar: {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - f:\program files\minievony\prxtbMin0.dll
mWinlogon: UIHost=f:\windows\system32\logonui.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: MiniEvony Toolbar: {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - f:\program files\minievony\prxtbMin0.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - f:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - f:\program files\conduitengine\ConduitEngine.dll
BHO: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - f:\program files\nch_en\tbNCH_.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - f:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - f:\program files\nch_en\tbNCH_.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - f:\program files\conduitengine\ConduitEngine.dll
TB: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File
TB: MiniEvony Toolbar: {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - f:\program files\minievony\prxtbMin0.dll
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
uRun: [Google Update] "f:\documents and settings\jayson\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] f:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] f:\windows\system32\hkcmd.exe
mRun: [Persistence] f:\windows\system32\igfxpers.exe
mRun: [HDAudDeck] f:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [HControlUser] f:\program files\asus\atk hotkey\HControlUser.exe
mRun: [ATKHOTKEY] f:\program files\asus\atk hotkey\HControl.exe
mRun: [ATKMEDIA] f:\program files\asus\atk media\DMedia.exe
mRun: [GUCI_AVS] f:\windows\pixart\pap7501\GUCI_AVS.exe
dRun: [DWQueuedReporting] "f:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\srspre~1.lnk - f:\program files\srs labs\srs premium sound\SRSPremiumSound_XP.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - f:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{5640CCA4-D650-40FE-A9A8-49BE8C884BD2} : DhcpNameServer = 10.0.0.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - f:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - f:\documents and settings\jayson\application data\mozilla\firefox\profiles\6rcer52f.default\
FF - plugin: f:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: f:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: f:\documents and settings\jayson\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: f:\documents and settings\jayson\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: f:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: f:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: f:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: f:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: f:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: f:\program files\nos\bin\np_gp.dll
FF - plugin: f:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 GUCI_AVS;ASUS USB2.0 UVC VGA WebCam;f:\windows\system32\drivers\GUCI_AVS.sys [2011-8-9 596992]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;f:\windows\system32\drivers\libusb0.sys [2011-4-25 33792]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;f:\windows\system32\drivers\viahduaa.sys [2011-2-7 1057280]
S1 MpKslb0fb8f6c;MpKslb0fb8f6c;\??\f:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfaae915-c5e8-415b-8f62-baf41b92fc62}\mpkslb0fb8f6c.sys --> f:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfaae915-c5e8-415b-8f62-baf41b92fc62}\MpKslb0fb8f6c.sys [?]
S1 MpKsld63c0c4d;MpKsld63c0c4d;\??\f:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73e830b3-da89-4f5d-8e59-20492ad2e344}\mpksld63c0c4d.sys --> f:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{73e830b3-da89-4f5d-8e59-20492ad2e344}\MpKsld63c0c4d.sys [?]
S1 SASDIFSV;SASDIFSV;\??\f:\docume~1\jayson\locals~1\temp\sas_selfextract\sasdifsv.sys --> f:\docume~1\jayson\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\f:\docume~1\jayson\locals~1\temp\sas_selfextract\saskutil.sys --> f:\docume~1\jayson\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);f:\program files\google\update\GoogleUpdate.exe [2011-5-10 136176]
S3 gupdatem;Google Update Service (gupdatem);f:\program files\google\update\GoogleUpdate.exe [2011-5-10 136176]
S3 nosGetPlusHelper;getPlus® Helper 3004;f:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 SWDUMon;SWDUMon;f:\windows\system32\drivers\SWDUMon.sys [2011-8-9 12984]
.
=============== Created Last 30 ================
.
2011-09-08 22:22:52 -------- d-----w- f:\program files\CCleaner
2011-09-03 10:17:37 599040 -c----w- f:\windows\system32\dllcache\crypt32.dll
2011-09-03 04:07:26 -------- d-----w- F:\_OTL
2011-09-02 04:44:09 1446264 ----a-w- f:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
2011-09-01 22:17:06 -------- d-----w- f:\program files\ESET
2011-09-01 20:44:49 404640 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-30 07:35:00 5632 ----a-w- f:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2011-08-30 06:59:19 62976 --sha-r- f:\windows\system32\msh2638.dll
2011-08-30 06:39:26 -------- d-----w- f:\documents and settings\jayson\application data\Origin
2011-08-30 06:39:11 -------- d-----w- f:\documents and settings\jayson\local settings\application data\Origin
2011-08-30 06:38:59 -------- d-----w- f:\documents and settings\all users\application data\Origin
2011-08-30 06:38:59 -------- d-----w- f:\documents and settings\all users\application data\Electronic Arts
2011-08-22 18:48:59 -------- d-----w- f:\documents and settings\jayson\application data\VOX
2011-08-14 03:26:57 -------- d-----w- f:\documents and settings\jayson\application data\SUPERAntiSpyware.com
2011-08-14 03:26:57 -------- d-----w- f:\documents and settings\all users\application data\SUPERAntiSpyware.com
.
==================== Find3M ====================
.
2011-09-03 10:17:37 599040 ----a-w- f:\windows\system32\crypt32.dll
2011-08-16 00:35:37 12984 ----a-w- f:\windows\system32\drivers\SWDUMon.sys
2011-07-19 09:05:24 472808 ----a-w- f:\windows\system32\deployJava1.dll
2011-07-19 06:40:05 73728 ----a-w- f:\windows\system32\javacpl.cpl
2011-07-15 13:29:31 456320 ----a-w- f:\windows\system32\drivers\mrxsmb.sys
2011-07-13 22:01:12 24 ----a-w- f:\windows\DUKE3D.BAT
2011-07-13 21:44:11 499712 ----a-w- f:\windows\system32\msvcp71.dll
2011-07-13 21:44:11 348160 ----a-w- f:\windows\system32\msvcr71.dll
2011-07-08 14:02:00 10496 ----a-w- f:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52:42 41272 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- f:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:36 139656 ----a-w- f:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- f:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- f:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- f:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- f:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- f:\windows\system32\winsrv.dll
.
============= FINISH: 14:54:24.00 ===============


Kudos to you all, for your ability and patience to go through logs and see things that are probable issues or some sort of variability.

I will be very patient in waiting for a response, and I thank you, and everyone else on the malware team for your help. :)

If I missed something, please let me know.

Edit: Just realized I spelled unusable wrong. Oh well. :) In the meantime, I'll be doing maintenance on my dad's desktop I'll be checking back here. :3

Edited by Jayson201, 11 September 2011 - 05:18 PM.
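As an added example that is not part of the original post, of DDS or of any BleepingComputer tool, the script below parses the "Pseudo HJT Report" section of a DDS log like the one above and lists what a responder checks first when the complaint is search redirection: URL search hooks, orphaned CLSIDs ("No File") and one component registered under several hook types. The sample lines embedded in it are constructed after the entries shown in the log above.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for search-redirect clues.

Added example for this thread; not part of the original post and not a DDS
or BleepingComputer tool. It reads the Internet Explorer hook lines DDS prints
(uURLSearchHooks, BHO, TB) and the Start Page lines.
"""
import re
from collections import defaultdict

# Constructed sample in the format DDS prints, modelled on the log in this thread.
SAMPLE_HJT = r"""
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - f:\program files\nch_en\tbNCH_.dll
uURLSearchHooks: MiniEvony Toolbar: {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - f:\program files\minievony\prxtbMin0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: MiniEvony Toolbar: {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - f:\program files\minievony\prxtbMin0.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File
TB: MiniEvony Toolbar: {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - f:\program files\minievony\prxtbMin0.dll
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
"""

HOOK_RE = re.compile(
    r"^(?P<kind>uURLSearchHooks|BHO|TB): "   # IE hook types DDS reports
    r"(?:(?P<name>.+?): )?"                 # display name; absent for orphaned CLSIDs
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "   # registry CLSID of the component
    r"(?P<path>.+)$"                        # DLL path, or the literal 'No File'
)
START_RE = re.compile(r"^(?P<scope>[umd])Start Page = (?P<value>.+)$")


def parse_hjt(text):
    """Return the IE hook entries (search hooks, BHOs, toolbars) as dicts."""
    entries = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            entries.append({
                "kind": m["kind"],
                "name": m["name"],            # None when DDS printed no name
                "clsid": m["clsid"].lower(),  # DDS mixes case between sections
                "path": m["path"],
            })
    return entries


def triage(text):
    """Summarise the entries a responder looks at first for a search redirect."""
    entries = parse_hjt(text)
    kinds_by_clsid = defaultdict(set)
    for e in entries:
        kinds_by_clsid[e["clsid"]].add(e["kind"])
    start_pages = [
        (m["scope"], m["value"])
        for m in (START_RE.match(ln.strip()) for ln in text.splitlines()) if m
    ]
    return {
        # where IE goes on start-up; start-page hijacks show up here
        "start_pages": start_pages,
        # DLLs that see every address-bar search before the browser does
        "search_hooks": [(e["name"], e["path"]) for e in entries
                         if e["kind"] == "uURLSearchHooks"],
        # registry entries whose DLL is gone: usually leftovers of an uninstall
        "orphaned": [(e["kind"], e["clsid"]) for e in entries
                     if e["path"] == "No File"],
        # one component hooked in as search hook, BHO and toolbar at once
        "multi_hook": {c: sorted(k) for c, k in kinds_by_clsid.items() if len(k) > 1},
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_HJT).items():
        print(section)
        for item in (items.items() if isinstance(items, dict) else items):
            print("   ", item)
```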


#2 Noviciate

Malware Response Team

Posted 12 September 2011 - 03:27 PM

Good evening. :)

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything, allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.

 

 


#3 Jayson201

Topic Starter

Posted 12 September 2011 - 05:22 PM

Here's the TDSSKiller log. Thanks in advance for every second of your time.

2011/09/12 18:14:01.0546 3788 TDSS rootkit removing tool 2.5.21.0 Sep 10 2011 21:07:05
2011/09/12 18:14:01.0812 3788 ================================================================================
2011/09/12 18:14:01.0812 3788 SystemInfo:
2011/09/12 18:14:01.0812 3788
2011/09/12 18:14:01.0812 3788 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/12 18:14:01.0812 3788 Product type: Workstation
2011/09/12 18:14:01.0812 3788 ComputerName: MARVIN
2011/09/12 18:14:01.0812 3788 UserName: Jayson
2011/09/12 18:14:01.0812 3788 Windows directory: F:\WINDOWS
2011/09/12 18:14:01.0812 3788 System windows directory: F:\WINDOWS
2011/09/12 18:14:01.0812 3788 Processor architecture: Intel x86
2011/09/12 18:14:01.0812 3788 Number of processors: 2
2011/09/12 18:14:01.0812 3788 Page size: 0x1000
2011/09/12 18:14:01.0812 3788 Boot type: Normal boot
2011/09/12 18:14:01.0812 3788 ================================================================================
2011/09/12 18:14:03.0640 3788 Initialize success
2011/09/12 18:20:46.0375 1620 ================================================================================
2011/09/12 18:20:46.0375 1620 Scan started
2011/09/12 18:20:46.0375 1620 Mode: Manual;
2011/09/12 18:20:46.0375 1620 ================================================================================
2011/09/12 18:20:55.0203 1620 ================================================================================
2011/09/12 18:20:55.0203 1620 Scan finished
2011/09/12 18:20:55.0203 1620 ================================================================================
2011/09/12 18:20:55.0203 1600 Detected object count: 0
2011/09/12 18:20:55.0203 1600 Actual detected object count: 0

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:40 AM

Posted 13 September 2011 - 02:37 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

So long, and thanks for all the fish.

#5 Jayson201

Jayson201
  • Topic Starter

  • Members
  • 208 posts
  • Gender:Male
  • Local time:06:40 AM

Posted 13 September 2011 - 07:12 PM

Disabling my anti-virus wasn't a big issue :3 <- and a corny joke. On to that ComboFix log you requested, here you go :D
Keep in mind that the host drive (Partition...) is F: because I have Windows 7 on C: and didn't want to get rid of it. But that hasn't been an issue with any programs yet; they automatically detect that.
I can't thank you enough for your time. :3

ComboFix 11-09-13.04 - Jayson 09/13/2011 19:59:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2326 [GMT -4:00]
Running from: f:\documents and settings\Jayson\Desktop\CFoimxbo.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
f:\documents and settings\Jayson\Local Settings\Application Data\ApplicationHistory
f:\documents and settings\Jayson\Local Settings\Application Data\ApplicationHistory\ngen.exe.3471e171.ini
f:\documents and settings\Jayson\Local Settings\Application Data\ApplicationHistory\SLE0.tmp.44990174.ini
f:\program files\Downloaded Installers
f:\program files\Downloaded Installers\{751f6a0b-fdec-47b6-b45d-7a1ae742a87a}\setup.msi
f:\windows\system32\d3d9caps.dat
f:\windows\system32\mfc100deu.dll
f:\windows\system32\result.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-08-14 to 2011-09-14 )))))))))))))))))))))))))))))))
.
.
2011-09-13 23:50 . 2011-09-13 23:50 -------- d-----w- F:\CFoimxbo
2011-09-08 22:22 . 2011-09-08 22:22 -------- d-----w- f:\program files\CCleaner
2011-09-04 23:43 . 2011-09-04 23:43 -------- d-----w- f:\program files\Common Files\Java
2011-09-03 10:17 . 2011-09-03 10:17 599040 -c----w- f:\windows\system32\dllcache\crypt32.dll
2011-09-03 04:07 . 2011-09-03 04:07 -------- d-----w- F:\_OTL
2011-09-02 06:00 . 2011-09-02 06:00 -------- d-----w- f:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-09-02 04:44 . 2009-06-25 17:20 1446264 ----a-w- f:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
2011-09-01 22:17 . 2011-09-01 22:17 -------- d-----w- f:\program files\ESET
2011-09-01 20:44 . 2011-09-01 20:44 404640 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-30 07:35 . 2004-10-22 06:16 5632 ----a-w- f:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-08-30 06:59 . 2011-08-30 06:59 62976 --sha-r- f:\windows\system32\msh2638.dll
2011-08-30 06:39 . 2011-08-30 06:39 -------- d-----w- f:\documents and settings\Jayson\Application Data\Origin
2011-08-30 06:39 . 2011-08-30 06:39 -------- d-----w- f:\documents and settings\Jayson\Local Settings\Application Data\Origin
2011-08-30 06:38 . 2011-08-30 06:40 -------- d-----w- f:\documents and settings\All Users\Application Data\Origin
2011-08-30 06:38 . 2011-08-30 06:38 -------- d-----w- f:\documents and settings\All Users\Application Data\Electronic Arts
2011-08-26 22:40 . 2011-08-26 22:40 -------- d-----w- f:\documents and settings\Administrator\Local Settings\Application Data\MiniEvony
2011-08-26 22:40 . 2011-08-26 22:40 -------- d-----w- f:\documents and settings\Administrator\Local Settings\Application Data\NCH_EN
2011-08-26 22:40 . 2011-08-26 22:40 -------- d-----w- f:\documents and settings\Administrator\Local Settings\Application Data\Apple
2011-08-22 18:48 . 2011-08-22 18:48 -------- d-----w- f:\documents and settings\Jayson\Application Data\VOX
2011-08-15 20:23 . 2011-08-15 20:23 -------- d-----w- f:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2004-08-04 12:00 599040 ----a-w- f:\windows\system32\crypt32.dll
2011-08-16 00:35 . 2011-08-09 09:17 12984 ----a-w- f:\windows\system32\drivers\SWDUMon.sys
2011-07-19 09:05 . 2011-02-08 22:05 472808 ----a-w- f:\windows\system32\deployJava1.dll
2011-07-19 06:40 . 2011-02-08 22:05 73728 ----a-w- f:\windows\system32\javacpl.cpl
2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- f:\windows\system32\drivers\mrxsmb.sys
2011-07-13 22:01 . 2011-07-13 22:01 24 ----a-w- f:\windows\DUKE3D.BAT
2011-07-13 21:44 . 2003-03-19 01:14 499712 ----a-w- f:\windows\system32\msvcp71.dll
2011-07-13 21:44 . 2003-02-21 09:42 348160 ----a-w- f:\windows\system32\msvcr71.dll
2011-07-08 14:02 . 2004-08-04 12:00 10496 ----a-w- f:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52 . 2011-02-11 03:17 41272 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-02-11 03:17 22712 ----a-w- f:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2011-02-08 00:59 139656 ----a-w- f:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-04 12:00 916480 ----a-w- f:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-04 12:00 43520 ----a-w- f:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-04 12:00 1469440 ------w- f:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 12:00 385024 ----a-w- f:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 12:00 293376 ----a-w- f:\windows\system32\winsrv.dll
2011-09-08 01:54 . 2011-04-19 00:44 134104 ----a-w- f:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "f:\program files\NCH_EN\tbNCH_.dll" [2010-12-09 3911776]
"{1aec5771-fcd6-4537-a6b7-5f1935fd527c}"= "f:\program files\MiniEvony\prxtbMin0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_CLASSES_ROOT\clsid\{1aec5771-fcd6-4537-a6b7-5f1935fd527c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1aec5771-fcd6-4537-a6b7-5f1935fd527c}]
2011-05-09 09:49 176936 ----a-w- f:\program files\MiniEvony\prxtbMin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 17:51 3911776 ----a-w- f:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]
2010-12-09 17:51 3911776 ----a-w- f:\program files\NCH_EN\tbNCH_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "f:\program files\NCH_EN\tbNCH_.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "f:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{1aec5771-fcd6-4537-a6b7-5f1935fd527c}"= "f:\program files\MiniEvony\prxtbMin0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{1aec5771-fcd6-4537-a6b7-5f1935fd527c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{37483B40-C254-4A72-BDA4-22EE90182C1E}"= "f:\program files\NCH_EN\tbNCH_.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "f:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{1AEC5771-FCD6-4537-A6B7-5F1935FD527C}"= "f:\program files\MiniEvony\prxtbMin0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{1aec5771-fcd6-4537-a6b7-5f1935fd527c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="f:\windows\system32\igfxtray.exe" [2010-09-21 129536]
"HotKeysCmds"="f:\windows\system32\hkcmd.exe" [2010-09-21 163328]
"Persistence"="f:\windows\system32\igfxpers.exe" [2010-09-21 138752]
"HDAudDeck"="f:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-03-23 33599488]
"HControlUser"="f:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKHOTKEY"="f:\program files\ASUS\ATK Hotkey\HControl.exe" [2009-07-16 178744]
"ATKMEDIA"="f:\program files\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"GUCI_AVS"="f:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2009-09-17 314880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="f:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
f:\documents and settings\All Users\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - f:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSound_XP.exe [2009-10-28 3372336]
Windows Search.lnk - f:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "f:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="f:\windows\system32\logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
2002-09-03 23:38 987187 ----a-w- f:\program files\WinCustomize\LogonStudio\LogonStudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- f:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-07-13 21:44 273544 ----a-w- f:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ATKOSD2"=f:\program files\ASUS\ATKOSD2\ATKOSD2.exe
"TkBellExe"="f:\program files\Real\RealPlayer\update\realsched.exe" -osboot
"VirtualCloneDrive"="f:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="f:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"f:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"f:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\Program Files\\ooVoo\\ooVoo.exe"=
"f:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 GUCI_AVS;ASUS USB2.0 UVC VGA WebCam;f:\windows\system32\drivers\GUCI_AVS.sys [8/9/2011 5:22 AM 596992]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;f:\windows\system32\drivers\libusb0.sys [4/25/2011 8:10 PM 33792]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;f:\windows\system32\drivers\viahduaa.sys [2/7/2011 11:04 PM 1057280]
S1 MpKslb0fb8f6c;MpKslb0fb8f6c;\??\f:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFAAE915-C5E8-415B-8F62-BAF41B92FC62}\MpKslb0fb8f6c.sys --> f:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BFAAE915-C5E8-415B-8F62-BAF41B92FC62}\MpKslb0fb8f6c.sys [?]
S1 MpKsld63c0c4d;MpKsld63c0c4d;\??\f:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73E830B3-DA89-4F5D-8E59-20492AD2E344}\MpKsld63c0c4d.sys --> f:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73E830B3-DA89-4F5D-8E59-20492AD2E344}\MpKsld63c0c4d.sys [?]
S1 SASDIFSV;SASDIFSV;\??\f:\docume~1\Jayson\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> f:\docume~1\Jayson\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\f:\docume~1\Jayson\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> f:\docume~1\Jayson\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);f:\program files\Google\Update\GoogleUpdate.exe [5/10/2011 7:01 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);f:\program files\Google\Update\GoogleUpdate.exe [5/10/2011 7:01 PM 136176]
S3 nosGetPlusHelper;getPlus® Helper 3004;f:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 8:00 AM 14336]
S3 SWDUMon;SWDUMon;f:\windows\system32\drivers\SWDUMon.sys [8/9/2011 5:17 AM 12984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-09 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-09-10 f:\windows\Tasks\debutShakeIcon.job
- f:\program files\NCH Software\Debut\debut.exe [2011-02-11 02:16]
.
2011-09-01 f:\windows\Tasks\doxillionShakeIcon.job
- f:\program files\NCH Software\Doxillion\doxillion.exe [2011-04-28 21:43]
.
2011-09-13 f:\windows\Tasks\GlaryInitialize.job
- f:\program files\Glary Utilities\initialize.exe [2011-02-27 21:24]
.
2011-09-13 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 23:01]
.
2011-09-13 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 23:01]
.
2011-09-11 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-515967899-1801674531-1003Core.job
- f:\documents and settings\Jayson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-13 21:27]
.
2011-09-13 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-515967899-1801674531-1003UA.job
- f:\documents and settings\Jayson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-13 21:27]
.
2011-05-12 f:\windows\Tasks\prismShakeIcon.job
- f:\program files\NCH Software\Prism\prism.exe [2011-04-08 00:33]
.
2011-09-13 f:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-73586283-515967899-1801674531-1003.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-09-09 f:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-73586283-515967899-1801674531-1003.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-02-25 f:\windows\Tasks\videopadShakeIcon.job
- f:\program files\NCH Software\VideoPad\videopad.exe [2011-02-12 03:10]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - f:\documents and settings\Jayson\Application Data\Mozilla\Firefox\Profiles\6rcer52f.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-13 20:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = f:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
Completion time: 2011-09-13 20:03:57
ComboFix-quarantined-files.txt 2011-09-14 00:03
.
Pre-Run: 49,707,712,512 bytes free
Post-Run: 49,735,426,048 bytes free
.
- - End Of File - - 7317F55E9548755286B5DDE7248A5146



I did a search through Google and it didn't redirect. I'll do some more searches to see what happens. I'll Google Modern Warfare 3, and I'll Google ATI Radeon 5870 and then Legend of Zelda :3

Yea, so far it hasn't been redirecting. Should I try to reinstall Microsoft Security Essentials, or wait a day to see if the redirecting comes back... or both? It's all your call, I'm just your puppet :) Thanks again :D

Edited by Jayson201, 13 September 2011 - 07:33 PM.
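
Added example, not code from the thread, from ComboFix or from OTL: a small triage script for the "Reg Loading Points" section of a log like the one above. The three Internet Explorer extension points it collects all sit between the address bar and the search engine: a URLSearchHook is what IE calls when the text typed in the address bar is not a URL, a Browser Helper Object is a DLL loaded into every IE process, and a Toolbar is a DLL hosted in the browser frame. Seeing which DLL has claimed which of those points, in one list, is the check a responder wants before deciding what to remove. The sample log is constructed: its CLSIDs and paths are copied from the ComboFix output above, the choice of sections is ours, and the regular expressions encode layout assumptions drawn from this single log rather than from any ComboFix documentation.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example; not part of ComboFix, OTL or the thread. It gathers the three
Internet Explorer extension points that sit between the address bar and the
search engine (URLSearchHooks, Browser Helper Objects, Toolbars) plus the
svchost service groups, so each DLL and CLSID can be reviewed in one place.
The layout assumptions below are taken from the single log in this thread.
"""
import re

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
# "{clsid}"= "f:\path\file.dll" [2010-12-09 3911776]
NAMED_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<data>[^"]*)"')
# 2010-12-09 17:51 3911776 ----a-w- f:\path\file.dll   (layout inside a BHO block)
FILE_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")
# nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
SVCHOST_RE = re.compile(r"^(?P<group>\S+)\s+REG_MULTI_SZ\s+(?P<members>.+)$")
CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.I)

# Constructed sample modelled on the log above: CLSIDs and paths are copied
# from it, the selection of sections is ours.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "f:\program files\NCH_EN\tbNCH_.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 17:51 3911776 ----a-w- f:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]
2010-12-09 17:51 3911776 ----a-w- f:\program files\NCH_EN\tbNCH_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "f:\program files\NCH_EN\tbNCH_.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "f:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="f:\windows\system32\igfxtray.exe" [2010-09-21 129536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
bdx REG_MULTI_SZ scan
"""


def parse_sections(text):
    """Group the non-empty lines of the log under the [registry key] above them."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # ComboFix separates blocks with a lone dot
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])   # repeated keys are merged
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Return the IE extension-point registrations and svchost groups found in the log.

    Paths and CLSIDs are lower-cased because the Windows registry and file
    system compare them case-insensitively.
    """
    findings = {"search_hooks": [], "bhos": [], "toolbars": [], "svchost_groups": []}
    for key, lines in parse_sections(text).items():
        lowered = key.lower()
        if lowered.endswith(r"\urlsearchhooks"):
            bucket = "search_hooks"
        elif "browser helper objects" in lowered:
            bucket = "bhos"
        elif r"internet explorer\toolbar" in lowered:
            bucket = "toolbars"
        elif lowered.endswith(r"\currentversion\svchost"):
            bucket = "svchost_groups"
        else:
            continue
        if bucket == "bhos":
            # The CLSID is in the key itself; the value line carries the DLL path.
            clsid = CLSID_RE.search(key)
            for line in lines:
                fm = FILE_LINE_RE.match(line)
                if fm and clsid:
                    findings[bucket].append((clsid.group(0).lower(), fm.group("path").lower()))
        elif bucket == "svchost_groups":
            for line in lines:
                sm = SVCHOST_RE.match(line)
                if sm:
                    findings[bucket].append((sm.group("group"), sm.group("members")))
        else:
            for line in lines:
                vm = NAMED_VALUE_RE.match(line)
                if vm:
                    findings[bucket].append((vm.group("name").lower(), vm.group("data").lower()))
    return findings


def dlls_by_extension_point(findings):
    """Map each DLL to the sorted list of IE extension points it is registered in."""
    summary = {}
    for bucket in ("search_hooks", "bhos", "toolbars"):
        for _clsid, path in findings[bucket]:
            summary.setdefault(path, set()).add(bucket)
    return {path: sorted(points) for path, points in summary.items()}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, points in sorted(dlls_by_extension_point(result).items()):
        print(f"{path}: {', '.join(points)}")
    for group, members in result["svchost_groups"]:
        print(f"svchost group {group!r} hosts {members!r}")
```

On the sample this reports one DLL registered as a search hook, a BHO and a toolbar at once, and a second registered as a BHO and a toolbar, which is the pattern to look for when an address-bar search goes somewhere unexpected in IE. Two caveats: the user's redirects were reported for searches in general and a Firefox profile is present, so this list only covers the IE side of the question; and a non-default svchost group is only a lead, not a verdict, until the service it names has been looked up. On a live XP box the same keys can be read directly with `reg query "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks"` and compared with what the log shows.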


#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:40 AM

Posted 14 September 2011 - 02:26 PM

Good evening. :)

Try MSE again and, if all goes well, let it full scan and fix what it finds - let me know how you get on.

So long, and thanks for all the fish.

#7 Jayson201

Jayson201
  • Topic Starter

  • Members
  • 208 posts
  • Gender:Male
  • Local time:06:40 AM

Posted 14 September 2011 - 03:05 PM

I installed MSE and it actually started the program after the install instead of not letting me run the program at all. As of right now I am getting zero redirects, and I can run MSE no problem. That full scan will take an hour or two, so I'll get back on that.

Thank you very very much, again :3

#8 Jayson201

Jayson201
  • Topic Starter

  • Members
  • 208 posts
  • Gender:Male
  • Local time:06:40 AM

Posted 15 September 2011 - 09:03 PM

I'm still running clean. MSE is working, I can look up as many tabs as I want (I play guitar :D), and I can Google anything and not get redirected. :3
Thanks again, and again, and again

#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:40 AM

Posted 16 September 2011 - 02:40 PM

Good evening. :)

I think that a little look for leftover trash that you could have on your system, which we might as well get rid of now we're here, is in order, and then you should be on your way.

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

#10 Jayson201

Jayson201
  • Topic Starter

  • Members
  • 208 posts
  • Gender:Male
  • Local time:06:40 AM

Posted 16 September 2011 - 05:28 PM

Here's one

OTL logfile created on: 9/16/2011 4:55:47 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = F:\Documents and Settings\Jayson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 68.85% Memory free
4.81 Gb Paging File | 3.94 Gb Available in Paging File | 82.04% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 127.15 Gb Total Space | 45.37 Gb Free Space | 35.68% Space Free | Partition Type: NTFS
Drive D: | 4.00 Gb Total Space | 2.78 Gb Free Space | 69.63% Space Free | Partition Type: NTFS
Drive F: | 166.94 Gb Total Space | 46.01 Gb Free Space | 27.56% Space Free | Partition Type: NTFS

Computer Name: MARVIN | User Name: Jayson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/16 16:52:00 | 000,581,632 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Jayson\desktop\OTL.scr
PRC - [2011/09/07 21:54:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- F:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- f:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/10/28 08:05:50 | 003,372,336 | ---- | M] (SRS Labs, Inc.) -- F:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSound_XP.exe
PRC - [2009/09/17 11:44:52 | 000,314,880 | ---- | M] (PixArt Imaging Incorporation) -- F:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
PRC - [2009/07/16 10:07:54 | 000,178,744 | ---- | M] (ASUS) -- F:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- F:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- F:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/04/20 11:09:30 | 000,159,744 | ---- | M] (ASUS) -- F:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- F:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe
PRC - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () -- F:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- F:\WINDOWS\system32\libusbd-nt.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/07 21:54:32 | 001,846,232 | ---- | M] () -- F:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/01 16:44:48 | 006,277,280 | ---- | M] () -- F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/06/19 10:29:24 | 000,170,552 | ---- | M] () -- F:\Program Files\ASUS\ATK Hotkey\ASUSNet.dll
MOD - [2007/09/14 10:00:52 | 000,147,456 | ---- | M] () -- F:\Program Files\ASUS\NB Probe\SPM\SPDISKEX.dll
MOD - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () -- F:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
MOD - [2006/04/04 10:24:24 | 000,036,864 | ---- | M] () -- F:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
MOD - [2005/08/29 15:24:22 | 000,081,920 | ---- | M] () -- F:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
MOD - [2005/04/07 19:25:46 | 000,077,824 | ---- | M] () -- F:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
MOD - [2003/11/28 02:11:04 | 000,135,168 | ---- | M] () -- F:\Program Files\ASUS\NB Probe\SPM\spos.dll
MOD - [2003/09/09 16:08:00 | 000,049,152 | ---- | M] () -- F:\Program Files\ASUS\NB Probe\SPM\spdmi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - [2011/05/07 14:12:09 | 000,072,704 | ---- | M] (SRS Labs) [On_Demand | Stopped] -- F:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe -- (SRS Labs License Service)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- f:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/29 11:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- F:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- F:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- F:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - [2011/09/16 15:07:55 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- f:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{128EC88F-93BB-41C9-B811-359132CD9C46}\MpKsl77eca4f4.sys -- (MpKsl77eca4f4)
DRV - [2011/08/15 20:35:37 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2011/02/07 22:25:47 | 001,606,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2010/12/18 07:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- F:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/08/04 05:33:28 | 000,061,696 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ax88772.sys -- (AX88772)
DRV - [2010/01/09 02:39:14 | 000,596,992 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\GUCI_AVS.sys -- (GUCI_AVS)
DRV - [2009/08/05 07:16:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2009/03/20 14:21:28 | 001,057,280 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/02/14 14:12:00 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/08/28 06:58:00 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007/08/03 00:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- F:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006/10/09 10:18:10 | 000,034,048 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\SRS_SSCFilter.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2004/05/27 18:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- F:\Program Files\ASUS\ATK Hotkey\ASNDIS5.SYS -- (ASNDIS5)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- F:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - F:\Program Files\MiniEvony\prxtbMin0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - F:\Program Files\NCH_EN\tbNCH_.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: f:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.97: F:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: f:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: f:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: f:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Documents and Settings\Jayson\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Documents and Settings\Jayson\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: F:\Documents and Settings\Jayson\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/13 17:44:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2011/09/07 21:54:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2011/09/05 01:23:56 | 000,000,000 | ---D | M]

[2011/09/01 22:14:07 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Jayson\Application Data\Mozilla\Extensions
[2011/09/01 16:51:12 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Jayson\Application Data\Mozilla\Firefox\Profiles\zyrcv0zu.default\extensions
[2011/09/01 16:51:12 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Jayson\Application Data\Mozilla\Firefox\Profiles\zyrcv0zu.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2011/09/04 19:43:08 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions
[2011/02/08 18:05:18 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/09/04 19:43:08 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/07/13 17:44:42 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- F:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/02/08 18:05:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- F:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/26 16:27:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- F:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/07 21:54:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 00:43:35 | 000,002,252 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/13 20:02:48 | 000,000,027 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MiniEvony Toolbar) - {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - F:\Program Files\MiniEvony\prxtbMin0.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - F:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - F:\Program Files\NCH_EN\tbNCH_.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MiniEvony Toolbar) - {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - F:\Program Files\MiniEvony\prxtbMin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - F:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - F:\Program Files\NCH_EN\tbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MiniEvony Toolbar) - {1AEC5771-FCD6-4537-A6B7-5F1935FD527C} - F:\Program Files\MiniEvony\prxtbMin0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - F:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - F:\Program Files\NCH_EN\tbNCH_.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATKHOTKEY] F:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] F:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [GUCI_AVS] F:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [HControlUser] F:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [MSC] f:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\SRS Premium Sound.lnk = F:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSound_XP.exe (SRS Labs, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5640CCA4-D650-40FE-A9A8-49BE8C884BD2}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (F:\WINDOWS\system32\userinit.exe) -F:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: F:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: F:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - F:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/07 21:03:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/08 18:48:52 | 000,000,000 | ---D | M] - C:\AutoRuns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/16 16:52:25 | 000,000,000 | -HSD | C] -- F:\RECYCLER
[2011/09/16 16:51:43 | 000,581,632 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Jayson\Desktop\OTL.scr
[2011/09/14 15:47:26 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft Security Client
[2011/09/13 19:51:01 | 000,518,144 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWREG.exe
[2011/09/13 19:51:01 | 000,406,528 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWSC.exe
[2011/09/13 19:51:01 | 000,212,480 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWXCACLS.exe
[2011/09/13 19:51:01 | 000,060,416 | ---- | C] (NirSoft) -- F:\WINDOWS\NIRCMD.exe
[2011/09/13 19:50:22 | 000,000,000 | ---D | C] -- F:\WINDOWS\ERDNT
[2011/09/13 19:50:20 | 000,000,000 | ---D | C] -- F:\CFoimxbo
[2011/09/13 19:50:17 | 000,000,000 | ---D | C] -- F:\Qoobox
[2011/09/13 16:29:41 | 004,207,571 | R--- | C] (Swearware) -- F:\Documents and Settings\Jayson\Desktop\CFoimxbo.exe
[2011/09/12 18:13:44 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Jayson\Desktop\tdsskiller
[2011/09/11 15:00:33 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Jayson\Desktop\gmer
[2011/09/11 14:53:54 | 000,000,000 | R--D | C] -- F:\Documents and Settings\Jayson\Start Menu\Programs\Administrative Tools
[2011/09/11 14:53:06 | 000,607,260 | R--- | C] (Swearware) -- F:\Documents and Settings\Jayson\Desktop\dds.scr
[2011/09/08 18:30:52 | 000,000,000 | RH-D | C] -- F:\Documents and Settings\Jayson\Recent
[2011/09/08 18:22:53 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/09/08 18:22:52 | 000,000,000 | ---D | C] -- F:\Program Files\CCleaner
[2011/09/04 19:43:18 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\Java
[2011/09/03 00:07:26 | 000,000,000 | ---D | C] -- F:\_OTL
[2011/09/02 22:43:52 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Jayson\Desktop\GooredFix Backups
[2011/09/02 02:00:38 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2011/09/02 02:00:35 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/09/01 22:13:19 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Jayson\Desktop\TDSS
[2011/09/01 18:17:06 | 000,000,000 | ---D | C] -- F:\Program Files\ESET
[2011/09/01 13:38:05 | 000,000,000 | -HSD | C] -- F:\WINDOWS\CSC
[2011/08/30 02:39:26 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Jayson\Application Data\Origin
[2011/08/30 02:39:11 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Jayson\Local Settings\Application Data\Origin
[2011/08/30 02:39:03 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Start Menu\Programs\Origin
[2011/08/30 02:38:59 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Origin
[2011/08/30 02:38:59 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/08/22 14:48:59 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Jayson\Application Data\VOX
[2011/02/07 22:52:03 | 000,004,096 | ---- | C] ( ) -- F:\WINDOWS\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/09/16 16:57:00 | 000,000,982 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-515967899-1801674531-1003UA.job
[2011/09/16 16:52:00 | 000,581,632 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Jayson\Desktop\OTL.scr
[2011/09/16 16:42:00 | 000,000,886 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/16 15:12:55 | 000,000,424 | -H-- | M] () -- F:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/09/16 15:08:08 | 000,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2011/09/16 15:07:48 | 000,000,314 | ---- | M] () -- F:\WINDOWS\tasks\GlaryInitialize.job
[2011/09/16 15:07:48 | 000,000,280 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-73586283-515967899-1801674531-1003.job
[2011/09/16 15:07:42 | 000,000,882 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/16 15:07:39 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2011/09/16 15:07:37 | 3184,619,520 | -HS- | M] () -- F:\hiberfil.sys
[2011/09/14 20:58:20 | 000,002,293 | ---- | M] () -- F:\Documents and Settings\Jayson\Desktop\Google Chrome.lnk
[2011/09/14 20:58:20 | 000,002,271 | ---- | M] () -- F:\Documents and Settings\Jayson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/14 15:48:33 | 000,001,945 | ---- | M] () -- F:\WINDOWS\epplauncher.mif
[2011/09/13 20:02:48 | 000,000,027 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts
[2011/09/13 19:50:35 | 004,207,571 | R--- | M] (Swearware) -- F:\Documents and Settings\Jayson\Desktop\CFoimxbo.exe
[2011/09/12 18:04:02 | 001,386,346 | ---- | M] () -- F:\Documents and Settings\Jayson\Desktop\tdsskiller.zip
[2011/09/11 14:59:10 | 000,294,216 | ---- | M] () -- F:\Documents and Settings\Jayson\Desktop\gmer.zip
[2011/09/11 14:57:00 | 000,000,930 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-515967899-1801674531-1003Core.job
[2011/09/11 14:53:07 | 000,607,260 | R--- | M] (Swearware) -- F:\Documents and Settings\Jayson\Desktop\dds.scr
[2011/09/09 20:38:26 | 000,000,270 | ---- | M] () -- F:\WINDOWS\tasks\debutShakeIcon.job
[2011/09/09 18:40:00 | 000,000,284 | ---- | M] () -- F:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/08 22:13:35 | 000,000,288 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-73586283-515967899-1801674531-1003.job
[2011/09/08 18:22:53 | 000,000,682 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/08 18:19:02 | 000,000,024 | ---- | M] () -- F:\WINDOWS\LogonStudio.ini
[2011/09/05 20:36:39 | 000,128,000 | ---- | M] () -- F:\Documents and Settings\Jayson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/03 00:02:58 | 000,098,256 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/02 23:10:04 | 000,000,000 | ---- | M] () -- F:\Documents and Settings\Jayson\defogger_reenable
[2011/09/02 01:54:34 | 000,000,736 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts3.bak
[2011/09/02 00:38:11 | 000,000,748 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts2.bak
[2011/08/31 21:37:40 | 000,000,286 | ---- | M] () -- F:\WINDOWS\tasks\doxillionShakeIcon.job
[2011/08/30 02:59:19 | 000,062,976 | RHS- | M] () -- F:\WINDOWS\System32\msh2638.dll
[2011/08/30 02:39:03 | 000,000,654 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Origin.lnk
[2011/08/26 02:43:57 | 000,001,512 | ---- | M] () -- F:\Documents and Settings\Jayson\Desktop\shutdown.exe.lnk
[2011/08/18 22:20:09 | 010,290,912 | ---- | M] () -- F:\Documents and Settings\Jayson\Desktop\Untitled 150.avi

========== Files Created - No Company Name ==========

[2011/09/14 15:52:53 | 000,000,424 | -H-- | C] () -- F:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/09/14 15:47:34 | 000,001,680 | ---- | C] () -- F:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/09/13 19:51:01 | 000,256,000 | ---- | C] () -- F:\WINDOWS\PEV.exe
[2011/09/13 19:51:01 | 000,208,896 | ---- | C] () -- F:\WINDOWS\MBR.exe
[2011/09/13 19:51:01 | 000,098,816 | ---- | C] () -- F:\WINDOWS\sed.exe
[2011/09/13 19:51:01 | 000,080,412 | ---- | C] () -- F:\WINDOWS\grep.exe
[2011/09/13 19:51:01 | 000,068,096 | ---- | C] () -- F:\WINDOWS\zip.exe
[2011/09/12 18:04:01 | 001,386,346 | ---- | C] () -- F:\Documents and Settings\Jayson\Desktop\tdsskiller.zip
[2011/09/11 14:59:10 | 000,294,216 | ---- | C] () -- F:\Documents and Settings\Jayson\Desktop\gmer.zip
[2011/09/09 20:38:25 | 000,000,270 | ---- | C] () -- F:\WINDOWS\tasks\debutShakeIcon.job
[2011/09/08 18:22:53 | 000,000,682 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/02 23:10:04 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\Jayson\defogger_reenable
[2011/09/01 16:36:57 | 3184,619,520 | -HS- | C] () -- F:\hiberfil.sys
[2011/08/30 02:59:19 | 000,062,976 | RHS- | C] () -- F:\WINDOWS\System32\msh2638.dll
[2011/08/30 02:39:03 | 000,000,654 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Origin.lnk
[2011/08/18 22:20:03 | 010,290,912 | ---- | C] () -- F:\Documents and Settings\Jayson\Desktop\Untitled 150.avi
[2011/08/09 05:22:44 | 000,000,641 | ---- | C] () -- F:\WINDOWS\Remover.ini
[2011/08/09 05:22:42 | 000,002,307 | ---- | C] () -- F:\WINDOWS\System32\GUCI_AVS.ini
[2011/08/09 05:17:31 | 000,012,984 | ---- | C] () -- F:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/07/23 11:38:43 | 001,040,384 | ---- | C] () -- F:\WINDOWS\System32\RiceVideo.dll
[2011/07/23 11:38:43 | 000,888,832 | ---- | C] () -- F:\WINDOWS\System32\RiceVideo6.1.3DX9.dll
[2011/07/19 04:19:01 | 000,000,085 | ---- | C] () -- F:\Documents and Settings\Jayson\Application Data\RSBuddy_jayson201.ini
[2011/07/19 04:18:44 | 000,000,009 | ---- | C] () -- F:\Documents and Settings\Jayson\Application Data\RSBuddy Login.ini
[2011/05/07 14:05:06 | 000,047,360 | R--- | C] () -- F:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2011/05/07 14:05:06 | 000,047,104 | R--- | C] () -- F:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2011/05/07 14:05:06 | 000,042,112 | R--- | C] () -- F:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2011/05/07 14:05:06 | 000,039,808 | R--- | C] () -- F:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2011/04/25 23:17:14 | 000,487,744 | ---- | C] () -- F:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/25 20:10:02 | 000,033,792 | ---- | C] () -- F:\WINDOWS\System32\drivers\libusb0.sys
[2011/02/27 13:14:42 | 000,000,132 | ---- | C] () -- F:\WINDOWS\System32\rezumatenoi.dat
[2011/02/26 01:21:07 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\wsbl.dat
[2011/02/26 01:21:07 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ph_white.dat
[2011/02/26 01:21:07 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ph_summ.dat
[2011/02/26 01:21:07 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\ph_black.dat
[2011/02/26 01:21:07 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pcwords2.dat
[2011/02/26 01:21:07 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\pcwords.dat
[2011/02/25 21:47:51 | 000,000,016 | ---- | C] () -- F:\WINDOWS\System32\asdict.dat
[2011/02/25 21:47:51 | 000,000,004 | ---- | C] () -- F:\WINDOWS\System32\aspdict-en.dat
[2011/02/25 20:45:48 | 000,047,297 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2011/02/22 20:15:09 | 000,000,908 | ---- | C] () -- F:\WINDOWS\eReg.dat
[2011/02/18 17:22:20 | 000,002,560 | ---- | C] () -- F:\WINDOWS\_MSRSTRT.EXE
[2011/02/08 23:17:17 | 000,000,024 | ---- | C] () -- F:\WINDOWS\LogonStudio.ini
[2011/02/08 23:14:37 | 000,187,392 | ---- | C] () -- F:\WINDOWS\System32\JPGUtils.dll
[2011/02/08 18:18:02 | 000,000,556 | ---- | C] () -- F:\Documents and Settings\Jayson\Application Data\RSBot_Accounts.ini
[2011/02/08 17:44:01 | 000,000,000 | ---- | C] () -- F:\WINDOWS\nsreg.dat
[2011/02/07 22:57:19 | 000,128,000 | ---- | C] () -- F:\Documents and Settings\Jayson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/07 22:52:04 | 000,982,240 | ---- | C] () -- F:\WINDOWS\System32\igkrng500.bin
[2011/02/07 22:52:03 | 000,439,308 | ---- | C] () -- F:\WINDOWS\System32\igcompkrng500.bin
[2011/02/07 22:52:03 | 000,000,151 | ---- | C] () -- F:\WINDOWS\System32\GfxUI.exe.config
[2011/02/07 21:05:29 | 000,002,048 | --S- | C] () -- F:\WINDOWS\bootstat.dat
[2011/02/07 21:00:29 | 000,021,640 | ---- | C] () -- F:\WINDOWS\System32\emptyregdb.dat
[2011/02/07 15:16:32 | 000,004,161 | ---- | C] () -- F:\WINDOWS\ODBCINST.INI
[2011/02/07 15:15:27 | 000,098,256 | ---- | C] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- F:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- F:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- F:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- F:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- F:\WINDOWS\System32\gthrctr.ini
[2007/08/28 06:58:00 | 000,005,760 | ---- | C] () -- F:\WINDOWS\System32\drivers\ATKACPI.sys
[2006/10/09 10:18:10 | 000,034,048 | ---- | C] () -- F:\WINDOWS\System32\drivers\SRS_SSCFilter.sys
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- F:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- F:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,497,936 | ---- | C] () -- F:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- F:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- F:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,085,654 | ---- | C] () -- F:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- F:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- F:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- F:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- F:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- F:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- F:\WINDOWS\System32\noise.dat
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- F:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/02/10 20:48:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Acoustica
[2011/08/30 02:38:59 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/08/30 02:40:09 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Origin
[2011/05/07 14:05:15 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\SRS Labs
[2011/05/03 13:25:44 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/01 16:56:24 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Wondershare
[2011/02/10 20:49:25 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Jayson\Application Data\Acoustica
[2011/05/04 23:03:35 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Jayson\Application Data\BitDefender
[2011/02/07 23:11:20 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Jayson\Application Data\GetRightToGo
[2011/05/03 12:57:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Jayson\Application Data\GlarySoft
[2011/04/06 15:49:58 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Jayson\Application Data\ImgBurn
[2011/05/16 16:09:33 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Jayson\Application Data\Line 6
[2011/04/28 18:10:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Jayson\Application Data\ooVoo Details
[2011/08/30 02:39:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Jayson\Application Data\Origin
[2011/02/25 20:52:38 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Jayson\Application Data\QuickScan
[2011/02/10 20:57:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Jayson\Application Data\SynthMaker
[2011/05/04 21:35:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Jayson\Application Data\SystemRequirementsLab
[2011/02/08 18:08:21 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Jayson\Application Data\TeamViewer
[2011/04/10 14:24:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Jayson\Application Data\Unity
[2011/09/08 22:01:45 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Jayson\Application Data\uTorrent
[2011/08/22 14:48:59 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Jayson\Application Data\VOX
[2011/02/25 22:00:37 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Jayson\Application Data\Windows Desktop Search
[2011/02/26 01:17:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Jayson\Application Data\Windows Search
[2011/09/09 20:38:26 | 000,000,270 | ---- | M] () -- F:\WINDOWS\Tasks\debutShakeIcon.job
[2011/08/31 21:37:40 | 000,000,286 | ---- | M] () -- F:\WINDOWS\Tasks\doxillionShakeIcon.job
[2011/09/16 15:07:48 | 000,000,314 | ---- | M] () -- F:\WINDOWS\Tasks\GlaryInitialize.job
[2011/09/16 15:12:55 | 000,000,424 | -H-- | M] () -- F:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/05/11 23:01:22 | 000,000,270 | ---- | M] () -- F:\WINDOWS\Tasks\prismShakeIcon.job
[2011/02/24 23:10:01 | 000,000,282 | ---- | M] () -- F:\WINDOWS\Tasks\videopadShakeIcon.job

========== Purity Check ==========



< End of report >

and two :3


OTL Extras logfile created on: 9/16/2011 4:55:47 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = F:\Documents and Settings\Jayson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 68.85% Memory free
4.81 Gb Paging File | 3.94 Gb Available in Paging File | 82.04% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 127.15 Gb Total Space | 45.37 Gb Free Space | 35.68% Space Free | Partition Type: NTFS
Drive D: | 4.00 Gb Total Space | 2.78 Gb Free Space | 69.63% Space Free | Partition Type: NTFS
Drive F: | 166.94 Gb Total Space | 46.01 Gb Free Space | 27.56% Space Free | Partition Type: NTFS

Computer Name: MARVIN | User Name: Jayson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\uTorrent\uTorrent.exe" = F:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"F:\Program Files\TeamViewer\Version6\TeamViewer.exe" = F:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"F:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = F:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"F:\WINDOWS\system32\dpvsetup.exe" = F:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"F:\Program Files\ooVoo\ooVoo.exe" = F:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- (ooVoo LLC)
"F:\Program Files\Google\Google Earth\plugin\geplugin.exe" = F:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{044B477C-3AF5-4DF2-A946-200C2C9E8933}" = ASUS USB2.0 UVC VGA WebCam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0EEDADC6-5614-4823-8CFD-B448F1601E83}" = SRS Premium Sound Control Panel
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster for Battlefield 1942
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 27
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java™ SE Development Kit 6 Update 23
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4877CCD5-6B0B-4B3A-8EF1-911D946B8B94}" = SRS Audio Sandbox
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{751F6A0B-FDEC-47B6-B45D-7A1AE742A87A}" = SlimDrivers
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}" = System Requirements Lab for Intel
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3CBE4AD-CC84-484F-8E44-CFB303BFDA4D}" = SRS Audio Sandbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"Debut" = Debut Video Capture Software
"Defraggler" = Defraggler
"Doxillion" = Doxillion Document Converter
"Duke Nukem Forever_is1" = Duke Nukem Forever
"ESET Online Scanner" = ESET Online Scanner v3
"Glary Utilities_is1" = Glary Utilities 2.33.0.1158
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Line 6 Uninstaller" = Line 6 Uninstaller
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MiniEvony Toolbar" = MiniEvony Toolbar
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NCH_EN Toolbar" = NCH EN Toolbar
"Prism" = Prism Video File Converter
"RealPlayer 12.0" = RealPlayer
"SpeedFan" = SpeedFan (remove only)
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.7
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/1/2011 5:32:21 PM | Computer Name = MARVIN | Source = Microsoft Security Client | ID = 5000
Description =

Error - 9/1/2011 5:32:23 PM | Computer Name = MARVIN | Source = Microsoft Security Client | ID = 5000
Description =

Error - 9/1/2011 5:33:56 PM | Computer Name = MARVIN | Source = Microsoft Security Client | ID = 5000
Description =

Error - 9/1/2011 5:33:58 PM | Computer Name = MARVIN | Source = Microsoft Security Client | ID = 5000
Description =

Error - 9/1/2011 5:35:00 PM | Computer Name = MARVIN | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF0A Description:Microsoft Security Essentials installation
was canceled. You canceled the Security Essentials installation on your computer.
Error code:0x8004FF0A.

Error - 9/1/2011 5:44:25 PM | Computer Name = MARVIN | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 9/1/2011 5:44:31 PM | Computer Name = MARVIN | Source = Microsoft Security Client | ID = 5000
Description =

Error - 9/2/2011 1:03:54 AM | Computer Name = MARVIN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/4/2011 4:22:32 PM | Computer Name = MARVIN | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 9/4/2011 4:22:42 PM | Computer Name = MARVIN | Source = Microsoft Security Client | ID = 5000
Description =

[ System Events ]
Error - 9/15/2011 4:18:23 PM | Computer Name = MARVIN | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 9/15/2011 4:18:53 PM | Computer Name = MARVIN | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 9/15/2011 4:18:53 PM | Computer Name = MARVIN | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.111.2222.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x80080005 Error
description: Server execution failed

Error - 9/16/2011 3:07:59 PM | Computer Name = MARVIN | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 9/16/2011 3:08:05 PM | Computer Name = MARVIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 9/16/2011 3:17:56 PM | Computer Name = MARVIN | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 9/16/2011 3:18:26 PM | Computer Name = MARVIN | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 9/16/2011 3:18:26 PM | Computer Name = MARVIN | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 9/16/2011 3:18:56 PM | Computer Name = MARVIN | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 9/16/2011 3:18:56 PM | Computer Name = MARVIN | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.111.2222.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x80080005 Error
description: Server execution failed


< End of report >
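The System Events section of this log records the chain behind the MSE symptoms: each Microsoft Antimalware event 2001 (signature update failed, error 0x80080005 "Server execution failed") is logged in the same second as, or within seconds of, a DCOM 10010 timeout for one CLSID, and the 7026 record shows two boot-start drivers that never loaded. As an added example that is not part of the thread and not an OTL feature, the Python below parses OTL's "Last 10 Event Log Errors" record format and pairs each 2001 with the DCOM timeouts that preceded it. The records are copied from the log above; the 60-second window and the function names are my own choices, and the code says nothing about what the CLSID belongs to because the log does not.

```python
import re
from datetime import datetime, timedelta

# Records copied from the "System Events" section of the OTL log above.
# OTL prints one header line per record and wraps the description over
# several lines, sometimes with a blank line inside it.
OTL_SYSTEM_EVENTS = r"""
Error - 9/15/2011 4:18:53 PM | Computer Name = MARVIN | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 9/15/2011 4:18:53 PM | Computer Name = MARVIN | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.111.2222.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x80080005 Error
description: Server execution failed

Error - 9/16/2011 3:08:05 PM | Computer Name = MARVIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 9/16/2011 3:18:26 PM | Computer Name = MARVIN | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 9/16/2011 3:18:56 PM | Computer Name = MARVIN | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 9/16/2011 3:18:56 PM | Computer Name = MARVIN | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.111.2222.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x80080005 Error
description: Server execution failed
"""

HEADER = re.compile(
    r"^Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
ERRCODE = re.compile(r"Error code: (0x[0-9A-Fa-f]{8})")


def parse_otl_events(text):
    """Split an OTL event dump into records.

    A record starts at an 'Error - <timestamp> | ...' header; every following
    non-blank line belongs to its description until the next header.
    """
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            events.append({
                "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                "host": m["host"], "source": m["source"], "id": int(m["id"]),
                "desc": [],
            })
        elif line and events:
            events[-1]["desc"].append(line)
    for ev in events:
        desc = " ".join(ev["desc"])
        ev["desc"] = desc[len("Description = "):] if desc.startswith("Description = ") else desc
    return events


def correlate_update_failures(events, window=timedelta(seconds=60)):
    """Pair each Microsoft Antimalware 2001 with the DCOM 10010 timeouts logged
    in the `window` before it (my choice of window; the log shows 0-30 s gaps)."""
    dcom = [e for e in events if e["source"] == "DCOM" and e["id"] == 10010]
    findings = []
    for e in events:
        if e["source"] == "Microsoft Antimalware" and e["id"] == 2001:
            code = ERRCODE.search(e["desc"])
            related = [d for d in dcom if timedelta(0) <= e["time"] - d["time"] <= window]
            clsids = sorted({CLSID.search(d["desc"]).group(0) for d in related})
            findings.append({"time": e["time"], "error_code": code.group(1) if code else None,
                             "dcom_count": len(related), "dcom_clsids": clsids})
    return findings


def failed_boot_drivers(events):
    """Driver names from Service Control Manager 7026 records."""
    names = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] == 7026:
            names += e["desc"].split("failed to load:")[-1].split()
    return names


if __name__ == "__main__":
    evs = parse_otl_events(OTL_SYSTEM_EVENTS)
    for f in correlate_update_failures(evs):
        print(f["time"], f["error_code"], f["dcom_count"], "DCOM timeout(s)", f["dcom_clsids"])
    print("drivers that failed to load:", failed_boot_drivers(evs))
```

OTL only keeps the last ten errors per log, so the pairing is only as good as that excerpt; on the full System log you would widen the search to Event Viewer and check what the CLSID resolves to under HKEY_CLASSES_ROOT\CLSID before drawing a conclusion.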

#11 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 17 September 2011 - 02:00 PM

Good evening. :)

Run OTL.exe.

  • Copy and paste the following into the Custom Scans/Fixes box at the bottom:

    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No CLSID value found.

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]

  • Click the Run Fix button at the top.
  • Let the program run until it has completed.

Assuming that nothing untoward happens, you're done. The tool should create a log, but I don't need to see it unless something happens that you weren't expecting - shower of sparks, cloud of smoke, anything like that!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

Go to Start > Run, enter the following into the textbox and click OK: ComboFix /Uninstall
This will uninstall Combofix and do a little housework besides.

Create a new Restore Point with a memorable name - this will give a clean one should you need it in the future. If you use a Restore Point from before this point you may reinstall any infection that was present at the time, so only do so if using this latest one doesn't solve any issues.
A tutorial for System Restore is available here.

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet. It's a little old, but still contains some good ideas.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your log doesn't appear to show a third-party software firewall installed - if you have one, and I've missed it, please ignore this.
If you are relying on the firewall that comes with Service Pack 2, then you need to install one. While the SP2 firewall is better than nothing, it doesn't monitor outgoing traffic, so anything malicious on your computer can 'phone home' at will.
If you are using a wireless router that comes with a NAT hardware firewall, this also doesn't monitor outgoing connections.

There are a few free firewalls available, of which the following are just three (all of which I've used at one time or another):

Comodo Firewall Pro, available here.
PC Tools Firewall Plus, available here.
Online Armor Free, available here.

It is important to note that you should only have one firewall installed at a time, but you can download them all to your Desktop and install each in turn to see which one you prefer.

Understanding and Using Firewalls: http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Finally, Duke Nukem Forever - worth the money or avoid like the plague? Ta.

So long, and thanks for all the fish.
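Noviciate's point about the built-in firewall can be read straight off the log above: every entry under FirewallPolicy\StandardProfile is an inbound exception, and nothing in that store says what a program on the box may connect to. As an added example (not from the thread and not an OTL feature), the Python below parses those registry lines, which are copied from the log above, and lists the enabled exceptions that accept connections from any remote address. The regexes, the function names and the "profile/ports/apps" report layout are my own.

```python
import re

# Copied from the "Firewall Settings" and "Authorized Applications List"
# sections of the OTL log above (the Standard profile is the one used when the
# machine is not joined to a domain).
OTL_FIREWALL = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\uTorrent\uTorrent.exe" = F:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"F:\Program Files\TeamViewer\Version6\TeamViewer.exe" = F:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"F:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = F:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"F:\WINDOWS\system32\dpvsetup.exe" = F:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"F:\Program Files\ooVoo\ooVoo.exe" = F:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- (ooVoo LLC)
"F:\Program Files\Google\Google Earth\plugin\geplugin.exe" = F:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')
# port:proto:scope:state:description (description may be a resource-string ref)
PORT_RE = re.compile(r"^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<desc>.*)$")
# path:scope:state:description; the path itself contains a drive-letter colon
APP_RE = re.compile(r"^(?P<path>.+?):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<desc>.*)$")


def parse_firewall_policy(text):
    """Return {'profiles': {...}, 'ports': [...], 'apps': [...]} from an OTL firewall dump."""
    report = {"profiles": {}, "ports": [], "apps": []}
    profile, kind = None, None
    for raw in text.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            parts = k["key"].split("\\")
            if "FirewallPolicy" in parts:
                i = parts.index("FirewallPolicy")
                profile = parts[i + 1] if len(parts) > i + 1 else None
                kind = parts[i + 2] if len(parts) > i + 2 else "profile"
                if kind == "profile" and profile:
                    report["profiles"].setdefault(profile, {})
            else:
                profile, kind = None, None
            continue
        v = VALUE_RE.match(line)
        if not v or profile is None:
            continue
        if kind == "profile":
            report["profiles"][profile][v["name"]] = int(v["value"])
        elif kind == "GloballyOpenPorts":
            m = PORT_RE.match(v["value"])
            if m:
                report["ports"].append({"profile": profile, **m.groupdict(), "port": int(m["port"])})
        elif kind == "AuthorizedApplications":
            m = APP_RE.match(v["value"])
            if m:
                report["apps"].append({"profile": profile, **m.groupdict()})
    return report


def exposed_inbound_rules(report, profile="StandardProfile"):
    """Enabled exceptions whose scope is '*' (any remote address).

    Every rule in this store is an inbound exception; the XP SP2/SP3 firewall
    does not filter outbound traffic, so nothing here limits what a program
    on the machine may send out.
    """
    def hit(r):
        return r["profile"] == profile and r["state"] == "Enabled" and r["scope"] == "*"
    return [r for r in report["ports"] if hit(r)], [r for r in report["apps"] if hit(r)]


if __name__ == "__main__":
    rep = parse_firewall_policy(OTL_FIREWALL)
    ports, apps = exposed_inbound_rules(rep)
    print("profile flags:", rep["profiles"])
    for r in ports:
        print("open to any address:", r["port"], r["proto"], r["desc"])
    for r in apps:
        print("program allowed from any address:", r["path"])
```

On this log the two enabled port exceptions (1900/UDP and 2869/TCP, the UPnP pair) are limited to LocalSubNet, while all six program exceptions, including µTorrent and the TeamViewer service, accept inbound connections from anywhere; that is the list to review when deciding which exceptions to keep.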

 

 


#12 Jayson201

  • Topic Starter
  • Members
  • 208 posts
  • Gender:Male

Posted 17 September 2011 - 08:53 PM

I have Service Pack 3 so I shouldn't be using the Firewall from SP2. Also, DISREGARDING the fact that MSE basically died, it has been a wonderful Anti Virus, I'm riding for it or my computer's dying for it :3

"Assuming that nothing untoward happens, you're done. The tool should create a log, but I don't need to see it unless something happens that you weren't expecting - shower of sparks, cloud of smoke, anything like that!"

^^^^^^^^^^^^^^^^^^^^^^ That, was an enjoyable statement.

Duke Nukem Forever... That's a hard question to answer. My computer couldn't play it without LAGGGGGG because I'm running on an Intel GPU with a nice long name, Mobile Intel 4 Series. Not even that GMA crap, Mobile Intel 4. I can't judge it well because of the lag, so,

If you're a Nukem fan, I recommend you try before you buy :) I think I played all the way through it in spite of the lag though, so it must be some kind of good.

#13 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 18 September 2011 - 02:36 PM

I have service pack 3 so I shouldn't be using the Firewall from SP2.

The firewall came with SP2 and, as far as I'm aware, SP3 didn't offer anything new to it. It's not a fully effective firewall and I'd get a third-party one as I said.

Also, DISREGARDING the fact that MSE basically died, it has been a wonderful Anti Virus, I'm riding for it or my computers dying for it :3

It's not the first AV to fail to block this family of infections, so it doesn't fail on that point. It's also the case that an AV is the last line of defence when you use your PC, so if it does fail, everything else failed first. This is basically a cheap shot at the user who went where s/he shouldn't, clicked what s/he shouldn't, or was just unlucky enough to cross the path of code that was better than the resident AV - such is PC life!

"Assuming that nothing untoward happens, you're done. The tool should create a log, but I don't need to see it unless something happens that you weren't expecting - shower of sparks, cloud of smoke, anything like that!"

^^^^^^^^^^^^^^^^^^^^^^ That, was an enjoyable statement.

And free too - what more can you ask for in this day and age, apart from a GIGANTIC lottery win obviously.

If you're a Nukem fan, I recommend you try before you buy :) I think I played all the way through it in spite of the lag though, so it must be some kind of good.

I guess I'll try and get a play on somebody's system if I can and just cross my fingers and throw some cash at it if I can't - ta.

Safe surfing. :busy:

So long, and thanks for all the fish.

 

 


#14 Jayson201

  • Topic Starter
  • Members
  • 208 posts
  • Gender:Male

Posted 19 September 2011 - 03:56 PM

Which firewall do you personally recommend, and/or use?

#15 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 19 September 2011 - 05:33 PM

I use one built into ESET Smart Security 4, so that's probably not a good option for you. I used to use the Comodo one and got on with it famously, but when the opportunity to get a free subscription to ESET came along, it was too good to miss out on.

The only thing to be aware of is that Comodo started to bundle some optional extras into the installer, so you needed to read everything before you clicked in order to opt out - I think it was a toolbar, but it's been a while since I installed it.

So long, and thanks for all the fish.

 

 




