Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't run DDS, No Internet, CPU 100%, SMART HDD Reminants, Suspect Rootkit


  • This topic is locked This topic is locked
40 replies to this topic

#1 AshleyO8

AshleyO8

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 25 May 2012 - 06:49 PM

Note: I have not attached a DDS log. When I ran DDS it crashed and stalled the computer towards the end of running. I tried multiple times and each time I let run for 10 minutes. As for the GMER log it had errors loading but I got it to run sort of. The proper items were unchecked but there were only check marks next to Services, Registry and Files. The rest was greyed out. I was not allowed to save the GMER log as ark.text. Had to save it as ark.log although it says it is a text file.

Details of the problem and what has been tried...

I'm helping an elderly friend of mine with her old desktop. Given what she does it is fine for her and she has a HP Mini laptop to use that is newer. What started out as what I thought was a virus and hard drive crash turned out to just be a very nasty infection. The desktop was black and when I hit the start button all I saw was white space except for the Dell Solutions Center. Programs were gone too. On the desktop the Smart HDD was there as well. In the notification area I was getting errors like controller failure, not enough resources to display things. As the hard drive crash was more of a priority and given the age of this computer, I figured pull her data and buy a new computer. I called in a computer expert that does data recovery (he also does virus removal) to pull her data as at the time I could not do anything on the computer. He said immediately it was a virus and it hides your folders and data. Smart HDD did not come up for him. He did the following:
  • Went to windows explorer, then view and show hidden files and folders.
  • Used the program Unhide.exe and that worked.
  • Next he ran CCleaner.
  • He tried to run Combofix and it didn’t work. It got as far as saying it was doing the scan and shouldn’t take more than 10 minutes etc. Tried renaming Combofix and running it in safe mode, neither worked.
  • I suggested Malwarebytes which I had already installed on the machine awhile back and a quick scan picked up 9 items.
  • Tried Combofix again and let it run overnight. Combofix had stalled again. Computer guy said it is most likely too infected and too expensive to have him fix it given the age of the machine. She could buy a new machine for what she would end up paying him.
I ran scans myself now that the computer somewhat worked and I could see everything. I found the Smart HDD removal guide on this site and started to follow it. Ran RKill in safe mode and it found one item something to do with Logitech video. Then when I tried to access the internet the keyboard locked and the screen froze so I had to reboot which RKill says not to do after running it. I tried accessing the internet a couple times and it either redirected me or froze the machine. TDSSKiller wouldn’t run. Tried renaming it but it still wouldn’t run. Ran a Malwarebytes full scan but couldn’t update the definitions (they were only a day old) either due to the virus and or the Netgear Powerline. (This computer has had problems accessing the internet sometimes that I have traced to the Netgear Powerline. It will be replaced soon). I use my laptop to download and copy programs onto an external portable hard drive then on to her machine. Anyway, the full scan found 10 more items. I also ran the following:
  • Spybot Search and Destroy –Full Scan
  • SUPERAtiSpyware – Quick and Full Scan
  • Emsisoft Antimalware (Formerly ASquared) – quick scan which crashed when removing a couple items. Ran a full scan and found 5 items.
  • AVG – It is out of date but up to date on updates and caught a couple items. Tried to put AVG 2012 on there but wouldn’t upgrade.
Tried to run Combofix again, aswMBR and HijackThis (to see if it would run and for log purposes, not to fix anything. I have run HijackThis before). None of those worked. Sometimes I found when I copied programs from my hard drive to her desktop I had to right click on the program on her desktop go to properties and unblock it. One error I should mention that seems to come up when trying to run a program is Generic Host Process for Win32 has encountered a problem and needs to close. Last night I noticed the CPU at 100% which is caused by explorer.exe. Emsisoft Antimalware will not run well now but if I kill the process explorer.exe in task manager the desktop goes blank but the program runs fine then the desktop comes back and stalls everything. I also got an IE error when IE was not even open.

I have done virus removal in the past, but this infection is beyond running some simple scans. I suspect a rootkit of some sort but that is a guess. At this point I gave up and decided to post here. You guys helped me on my own computer in the past when I had a nasty virus although I couldn’t find my old account. Sorry for the long detailed answer but I figure the more info you have the better you can assist me. Thanks in advance for all your help. It is much appreciated.

Attached Files

  • Attached File  ark.log   1.65KB   11 downloads


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:33 AM

Posted 31 May 2012 - 06:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/454894 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:33 PM

Posted 01 June 2012 - 04:22 AM

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days. :)


Hello there, AshleyO8

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

---------------------------------------------------------------------------------------------------

Just to verify, the OS is running on XP SP3?

What are the security software installed in this computer?

Finally, is this OEM computer?

What we are going to do now is use OTL and see if it can generate any log for us.

---------------------------------------------------------------------------------------------------

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
===================================================

On your next reply please post :
OTL log


Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#4 AshleyO8

AshleyO8
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 02 June 2012 - 04:12 AM

Hi Conspire,

Thanks for the help! Just to give you a heads up I might be slightly delayed in running OTL. Will try to go over to her house this weekend. However, I can answer your questions. Yes, I believe the OS is running XP SP3. I will verify when I go over there but I am 99% sure. Security software is AVG 8.5. Thought it had a newer version. I tried to update a couple weeks ago and it failed. I have AVG 2012 ready to put on it after problems are resolved. I believe Windows Defender is on there as well. As for your last question, this is an OEM computer. It is a Delll Inspiron 2400.

Will post again shortly.

Thanks,
Ashley


#5 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:33 PM

Posted 02 June 2012 - 07:59 AM

Ok. Since this is OEM computer, would there be by any chance of getting it to factory restore? It would be much easier than having to go through all these problem since you don't have a direct access on it.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#6 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:33 PM

Posted 02 June 2012 - 07:59 AM

I will guide you along if you need it.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#7 AshleyO8

AshleyO8
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 02 June 2012 - 04:12 PM

What exactly do you been my factory restore? Do you mean wiping it and reformatting the hard drive or going back to a earlier restore point?

My friend only lives a mile from my house and I pretty much have access to the computer anytime I want except late at night. I can also bring it to my house if needed.


#8 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:33 PM

Posted 02 June 2012 - 10:08 PM

OEM computers usually have a hidden partition where you can use it to restore the machine back to factory settings. Meaning the condition when you first received it, like brand new. So yes, in a way it's wiping off the hard drive but it's not reformatting.

It's up to you to decide whether to continue the process. Please post the OTL log if possible. :)

Edited by Conspire, 02 June 2012 - 10:09 PM.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#9 AshleyO8

AshleyO8
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 03 June 2012 - 11:13 PM

I went to my friends today, picked up the computer and brought it to my house. On this computer the separate partition holds diagnostics. I did have other options for recovery console and putting the computer back to the last known good configuration.

I definitely want to continue with the virus removal process. I was able to run OTL but I had download it to my desktop and copy it to a flash drive. If I try to use the internet on her computer besides loading the home page and going on google I get redirected. One other small thing I noticed that is strange is that I cannot customize the notification area next to the clock. I right click on the taskbar, go to properties and customize is greyed out. It didn't used to be greyed out. Not sure if it relates to the virus but thought I would mention it. Anyway, here are the two logs:

OTL logfile created on: 6/3/2012 7:34:26 PM - Run 1
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 343.96 Mb Available Physical Memory | 33.66% Memory free
2.41 Gb Paging File | 1.68 Gb Available in Paging File | 70.01% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 35.64 Gb Free Space | 47.86% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\CapsUnlock\CapsUnlock.exe (BrainSystems)
PRC - C:\Program Files\Common Files\AOL\1102910909\EE\aolsoftware.exe (AOL LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - c:\Program Files\Common Files\AOL\1102910909\EE\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe ()
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - C:\WINDOWS\SYSTEM32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\CapsUnlock\CapsUnlock.dll ()
MOD - c:\Program Files\Common Files\AOL\1102910909\EE\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (NetDDEdsdm) -- C:\WINDOWS\SYSTEM32\netdde.exe (Microsoft Corporation)
SRV - (NetDDE) -- C:\WINDOWS\SYSTEM32\netdde.exe (Microsoft Corporation)
SRV - (upnphost) -- C:\WINDOWS\SYSTEM32\upnphost.dll (Microsoft Corporation)
SRV - (SSDPSRV) -- C:\WINDOWS\SYSTEM32\ssdpsrv.dll (Microsoft Corporation)
SRV - (Messenger) -- C:\WINDOWS\SYSTEM32\msgsvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\WINDOWS\SYSTEM32\mprdim.dll (Microsoft Corporation)
SRV - (Alerter) -- C:\WINDOWS\SYSTEM32\alrsvc.dll (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AOL TopSpeedMonitor) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (V2i Protector) -- C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe (PowerQuest Corporation)


========== Driver Services (SafeList) ==========

DRV - (xwvnszhw) -- C:\WINDOWS\system32\drivers\xwvnszhw.sys File not found
DRV - (WDICA) -- File not found
DRV - (PQV2i) -- File not found
DRV - (PQIMount) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys File not found
DRV - (a2injectiondriver) -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys (Emsi Software GmbH)
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (A2DDA) -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (a2util) -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (AvgLdx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (dmboot) -- C:\WINDOWS\SYSTEM32\DRIVERS\dmboot.sys (Microsoft Corp., Veritas Software)
DRV - (dmio) -- C:\WINDOWS\SYSTEM32\DRIVERS\dmio.sys (Microsoft Corp., Veritas Software)
DRV - (Pcmcia) -- C:\WINDOWS\System32\drivers\pcmcia.sys (Microsoft Corporation)
DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20070221.002\SymIDSCo.sys (Symantec Corporation)
DRV - (XE103Sp50) -- C:\WINDOWS\SYSTEM32\DRIVERS\XE103Sp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (symlcbrd) -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys (Symantec Corporation)
DRV - (CamDrL) Logitech QuickCam Pro 3000(CamDrl) -- C:\WINDOWS\SYSTEM32\DRIVERS\Camdrl.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys (Logitech Inc.)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (dmload) -- C:\WINDOWS\SYSTEM32\DRIVERS\dmload.sys (Microsoft Corp., Veritas Software.)
DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation)
DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys (Microsoft Corporation)
DRV - (ac97intc) Intel® 82801DB/DBM Audio Driver Service (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ac97ich4.sys (Intel Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS440
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2002/09/03 09:34:19 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102910909\EE\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [urlmon] "C:\Documents and Settings\Owner\Local Settings\Application Data\urlmon.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\CapsUnlock.lnk = C:\Program Files\CapsUnlock\CapsUnlock.exe (BrainSystems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {413D6754-BFD4-47FE-9346-319559290BFA} https://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab (HTECtrl Class)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab (LogMeIn Rescue Applet Downloader)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/7b77298065d0b9/housecall.antivirus.com/housecall/xscan53.cab (HouseCall Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38106.4506365741 (Reg Error: Key error.)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} http://www.microsoft.com/security/controls/DoomCln.CAB (DoomCln Object)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/activedata/SymAData.dll (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab (ActiveDataObj Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B346F93-60EB-4B68-930F-3FCEFCCB6E76}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 06:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/03 19:32:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/06/03 19:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/03 19:20:22 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/06/03 19:20:22 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/06/03 19:20:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/06/03 19:20:21 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/06/03 19:20:21 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/05/22 22:23:53 | 000,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2012/05/22 19:55:00 | 000,809,288 | ---- | C] (AirInstaller Inc.) -- C:\Documents and Settings\Owner\Desktop\setup.exe
[2012/05/22 17:30:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/05/22 17:18:19 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/22 13:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Emsisoft Anti-Malware
[2012/05/22 13:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012/05/22 13:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Anti-Malware
[2012/05/22 13:10:26 | 000,000,000 | --SD | C] -- C:\C17250C
[2012/05/21 19:07:41 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\MBR.exe
[2012/05/18 18:17:31 | 000,000,000 | --SD | C] -- C:\C16499C
[2012/05/18 17:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2012/05/18 17:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SUPERAntiSpyware
[2012/05/18 17:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2012/05/18 17:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/18 16:33:46 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/05/18 15:57:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2012/05/18 15:56:24 | 003,878,424 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stb_all_2012_2176_cnet.exe
[2012/05/18 15:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2012/05/18 15:46:01 | 002,126,424 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\T.exe
[2012/05/17 16:23:59 | 004,496,432 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/05/17 16:15:01 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/05/17 16:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/05/17 16:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro
[2012/05/17 15:56:38 | 007,287,176 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Owner\Desktop\HitmanPro36.exe
[2012/05/17 15:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\reg backups
[2012/05/17 15:29:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/17 14:37:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/17 14:29:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/17 14:29:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/17 14:29:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/17 14:29:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/17 14:28:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/17 14:28:10 | 000,000,000 | --SD | C] -- C:\C
[2012/05/17 14:26:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/17 14:25:27 | 004,502,181 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\C.exe
[2012/05/17 14:09:37 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\unhide.exe
[2012/05/06 01:55:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Recent
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[243 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/03 19:31:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/03 19:26:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/06/03 19:19:41 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/06/03 19:19:40 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/06/03 19:19:40 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/06/03 19:19:40 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/06/03 19:19:38 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/06/03 19:19:37 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/06/03 19:14:55 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/06/03 19:12:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/03 19:10:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/03 19:10:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/03 18:49:24 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/03 17:16:24 | 000,001,296 | ---- | M] () -- C:\WINDOWS\tasks\hpwebreg_CN1473B0SZ05HX.job
[2012/06/03 16:27:04 | 060,495,574 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/06/03 14:00:02 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/06/03 13:50:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/06/03 10:10:02 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/06/02 20:40:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/06/02 20:21:02 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/06/01 15:40:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/25 03:36:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/25 02:49:42 | 000,000,060 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\mbam.context.scan
[2012/05/25 02:17:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2012/05/25 01:03:15 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/05/25 00:55:09 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2012/05/22 19:53:22 | 000,809,288 | ---- | M] (AirInstaller Inc.) -- C:\Documents and Settings\Owner\Desktop\setup.exe
[2012/05/22 19:14:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/05/22 17:39:59 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2012/05/22 17:29:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2012/05/22 17:21:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/05/22 17:18:21 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/22 17:18:18 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/22 17:13:09 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2012/05/22 17:03:40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/22 13:12:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/05/22 13:12:11 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Emsisoft Anti-Malware.lnk
[2012/05/22 13:08:08 | 004,502,181 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\C.exe
[2012/05/21 19:05:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\MBR.exe
[2012/05/21 18:59:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/18 17:34:07 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/18 17:12:21 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/18 15:51:37 | 003,878,424 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stb_all_2012_2176_cnet.exe
[2012/05/18 15:46:01 | 002,126,424 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\T.exe
[2012/05/18 14:22:42 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2012/05/17 16:31:11 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Safari.lnk
[2012/05/17 16:15:01 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/05/17 16:02:52 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HitmanPro.lnk
[2012/05/17 15:39:17 | 000,002,161 | ---- | M] () -- C:\WINDOWS\dtab.ini
[2012/05/17 15:37:53 | 000,000,218 | ---- | M] () -- C:\WINDOWS\DTO2KXSV.INI
[2012/05/17 15:29:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/17 14:12:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/05/17 14:04:15 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\unhide.exe
[2012/05/17 14:03:07 | 004,496,432 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/05/10 05:58:59 | 007,287,176 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Owner\Desktop\HitmanPro36.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[243 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/25 02:49:42 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mbam.context.scan
[2012/05/25 01:03:15 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/05/25 00:55:09 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2012/05/22 19:14:36 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/05/22 18:53:26 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2012/05/22 17:35:48 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/05/22 17:35:47 | 000,001,815 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Nikon Monitor.lnk
[2012/05/22 17:35:47 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\CapsUnlock.lnk
[2012/05/22 17:29:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2012/05/22 17:27:22 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2012/05/22 17:18:30 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/22 13:12:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/05/22 13:12:11 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Emsisoft Anti-Malware.lnk
[2012/05/21 18:59:46 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/05/18 17:12:21 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/18 16:40:12 | 001,012,656 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2012/05/17 16:02:52 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HitmanPro.lnk
[2012/05/17 14:37:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/05/17 14:37:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/05/17 14:29:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/17 14:29:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/17 14:29:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/17 14:29:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/17 14:29:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/17 14:21:11 | 000,002,501 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012/05/17 14:21:11 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/17 14:21:11 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Defender.lnk
[2012/05/17 14:21:11 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Messenger.lnk
[2012/05/17 14:21:11 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
[2012/05/17 14:21:11 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Day Timer.lnk
[2012/05/17 14:21:11 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/17 14:21:11 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/05/17 14:21:11 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Password Safe.lnk
[2012/05/17 14:21:11 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2012/05/17 14:21:11 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/05/17 14:21:10 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft PowerPoint.lnk
[2012/05/17 14:21:10 | 000,002,046 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Outlook.lnk
[2012/05/17 14:21:10 | 000,002,030 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Excel.lnk
[2012/05/17 14:21:10 | 000,002,022 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Word.lnk
[2012/05/17 14:21:10 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft FrontPage.lnk
[2012/05/17 14:21:10 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Access.lnk
[2012/05/17 14:21:10 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MSN Explorer.lnk
[2012/05/17 14:21:09 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader 9.lnk
[2012/05/17 14:21:09 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Apple Software Update.lnk
[2012/05/17 14:21:09 | 000,001,988 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Photoshop Album 2.0 Starter Edition.lnk
[2012/05/04 11:32:28 | 000,459,780 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\08cb0ceb.exe
[2012/05/04 11:22:12 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\-doSz6Z6Gs9EZfar
[2012/05/04 11:22:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\-doSz6Z6Gs9EZfa
[2012/04/29 18:59:56 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\doSz6Z6Gs9EZfa
[2010/08/02 20:42:42 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grapher
[2010/08/02 20:42:42 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Owner\Application Data\Galaxy Swirl
[2010/08/02 20:42:42 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLdu.DAT
[2010/08/02 20:42:42 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Halftone

========== LOP Check ==========

[2012/05/18 15:57:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2010/08/02 20:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EnterNHelp
[2007/09/10 17:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
[2012/05/17 16:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro
[2012/05/18 17:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2010/08/02 20:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nikon
[2004/04/29 17:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PowerQuest
[2010/08/02 20:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ultima_T15
[2007/03/16 09:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
[2010/08/06 22:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/02 16:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/26 14:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/03/08 20:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2004/04/29 16:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IsolatedStorage
[2005/01/08 23:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/04/16 11:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2010/08/02 20:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2007/03/16 09:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2012/06/03 10:10:02 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/06/02 20:40:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/06/02 20:21:02 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/06/03 14:00:02 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2012/06/03 19:14:55 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 6/3/2012 7:34:26 PM - Run 1
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 343.96 Mb Available Physical Memory | 33.66% Memory free
2.41 Gb Paging File | 1.68 Gb Available in Paging File | 70.01% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 35.64 Gb Free Space | 47.86% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0564C76B-8E1F-4157-8654-B0F9F308BEE9}" = HP Deskjet 3050 J610 series Basic Device Software
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{34E90074-C80C-4182-A995-65E88B5B56E0}" = HP Deskjet 3050 J610 series Product Improvement Study
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CE13935-7236-474f-A8AC-0BA7587C5F76}" = HP Photosmart Cameras 3.5
"{4D8B84F5-DB34-4F6E-B4BF-1C8E753D77BC}" = NETGEAR XE103 Powerline Encryption Utility
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65FD68CF-7E76-4BC9-9B1A-6EA6523F0635}" = CameraDrivers
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8D538DFC-1E7A-45F0-9C7B-D8B6629CC2DC}" = PowerQuest Drive Image 7.0
"{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EBDEC232-FFE3-42BC-8C92-6137ED5FB7A9}" = ArcSoft Panorama Maker 3.5
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"America Online us" = America Online (Choose which version to remove)
"AOL Deskbar" = AOL Deskbar
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"AVG8Uninstall" = AVG Free 8.5
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Google Updater" = Google Updater
"HitmanPro36" = HitmanPro 3.6
"HP Photo Creations" = HP Photo Creations
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4D8B84F5-DB34-4F6E-B4BF-1C8E753D77BC}" = NETGEAR XE103 Powerline Encryption Utility
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QcDrv" = Logitech® Camera Driver
"RealPlayer 12.0" = RealPlayer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"WZCLINE" = WinZip Command Line Support Add-On
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/25/2012 6:39:11 AM | Computer Name = DELL | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DELL\Owner Checkpoint ID: 1 Error Code: 0x8000ffff Error description:
Catastrophic failure

Error - 5/25/2012 7:10:50 AM | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application HitmanPro.exe, version 3.6.0.156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/25/2012 7:14:15 AM | Computer Name = DELL | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DELL\Owner Checkpoint ID: 1 Error Code: 0x80070005 Error description:
Access is denied.

Error - 5/25/2012 7:14:15 AM | Computer Name = DELL | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DELL\Owner Checkpoint ID: 1 Error Code: 0x8000ffff Error description:
Catastrophic failure

Error - 5/25/2012 7:38:40 AM | Computer Name = DELL | Source = MPSampleSubmission | ID = 5000
Description =

Error - 5/27/2012 1:30:27 AM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.

Error - 6/3/2012 9:43:11 PM | Computer Name = DELL | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DELL\Owner Checkpoint ID: 1 Error Code: 0x80070005 Error description:
Access is denied.

Error - 6/3/2012 9:43:11 PM | Computer Name = DELL | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DELL\Owner Checkpoint ID: 1 Error Code: 0x8000ffff Error description:
Catastrophic failure

Error - 6/3/2012 10:12:22 PM | Computer Name = DELL | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DELL\Owner Checkpoint ID: 1 Error Code: 0x80070005 Error description:
Access is denied.

Error - 6/3/2012 10:12:22 PM | Computer Name = DELL | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DELL\Owner Checkpoint ID: 1 Error Code: 0x8000ffff Error description:
Catastrophic failure

[ System Events ]
Error - 6/3/2012 8:19:45 PM | Computer Name = DELL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007054f: Security Update for Windows XP (KB2676562).

Error - 6/3/2012 9:41:20 PM | Computer Name = DELL | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.5 for the Network Card with network
address 000BDBB9CFD6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/3/2012 9:42:32 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PQIMount

Error - 6/3/2012 9:49:46 PM | Computer Name = DELL | Source = NtServicePack | ID = 921877
Description = Windows XP KB2676562 installation failed. An internal error occurred.


Error - 6/3/2012 9:50:57 PM | Computer Name = DELL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007054f: Security Update for Windows XP (KB2676562).

Error - 6/3/2012 9:59:41 PM | Computer Name = DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service YahooAUService
with arguments "" in order to run the server: {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}

Error - 6/3/2012 9:59:41 PM | Computer Name = DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service YahooAUService
with arguments "" in order to run the server: {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}

Error - 6/3/2012 10:11:31 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PQIMount

Error - 6/3/2012 10:24:43 PM | Computer Name = DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service YahooAUService
with arguments "" in order to run the server: {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}

Error - 6/3/2012 10:24:43 PM | Computer Name = DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service YahooAUService
with arguments "" in order to run the server: {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}


< End of report >

#10 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:33 PM

Posted 04 June 2012 - 07:14 AM

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    DRV - (xwvnszhw) -- C:\WINDOWS\system32\drivers\xwvnszhw.sys File not found
    DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - No CLSID value found.
    O4 - HKCU..\Run: [urlmon] "C:\Documents and Settings\Owner\Local Settings\Application Data\urlmon.exe" File not found
    [2012/05/04 11:32:28 | 000,459,780 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\08cb0ceb.exe
    [2012/05/04 11:22:12 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\-doSz6Z6Gs9EZfar
    [2012/05/04 11:22:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\-doSz6Z6Gs9EZfa
    [2012/04/29 18:59:56 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\doSz6Z6Gs9EZfa
    
    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log as well as a new OTL log by rerunning it after reboot without custom scans script.
===================================================

On your next reply please post :
OTL Fix log
Fresh OTL log


Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#11 AshleyO8

AshleyO8
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 04 June 2012 - 04:50 PM

A couple things to mention. This morning when I looked at the computer AVG had a threat alert up regarding Exploit Blackhole Exploit Kit (type 1889). I closed it without doing anything and tried to run OTL and everything locked up. I rebooted and everything ran fine. Then while running the regular OTL scan I got a popup from Internet Explorer that says "This page has an unspecified potential security risk. Would you like to continue?" Has a yes/no box? I just closed it for now. Also, just now while typing this reply and waiting for the OTL scan to finish the Help and Support Center page opened and says cannot display the page. Here are the logs.

All processes killed
========== OTL ==========
Service xwvnszhw stopped successfully!
Service xwvnszhw deleted successfully!
File C:\WINDOWS\system32\drivers\xwvnszhw.sys File not found not found.
Error: Unable to stop service AFS2K!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFS2K deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\AFS2K.SYS moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C5F7A735-70F1-477F-8C36-6FF3C736017B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5F7A735-70F1-477F-8C36-6FF3C736017B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\urlmon deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\08cb0ceb.exe moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\-doSz6Z6Gs9EZfar moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\-doSz6Z6Gs9EZfa moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\doSz6Z6Gs9EZfa moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator.DELL
->Temp folder emptied: 180224 bytes
->Temporary Internet Files folder emptied: 324635 bytes
->Flash cache emptied: 41 bytes

User: Administrator.DELL.000
->Temp folder emptied: 52337 bytes
->Temporary Internet Files folder emptied: 6726971 bytes
->Flash cache emptied: 703 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 7710101 bytes
->Flash cache emptied: 348 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 2110628 bytes
->Temporary Internet Files folder emptied: 510263711 bytes
->Flash cache emptied: 405 bytes

User: Owner
->Temp folder emptied: 96017744 bytes
->Temporary Internet Files folder emptied: 234419248 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 5762048 bytes
->Flash cache emptied: 7741 bytes

User: Philip Schneider
->Temp folder emptied: 2653023 bytes
->Temporary Internet Files folder emptied: 528902 bytes
->Flash cache emptied: 300 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1148293 bytes
%systemroot%\System32 .tmp files removed: 248264769 bytes
%systemroot%\System32\dllcache .tmp files removed: 114688 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2061444 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 198540598 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 187279 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,256.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.46.0 log created on 06042012_140954

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL logfile created on: 6/4/2012 2:25:22 PM - Run 3
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 253.13 Mb Available Physical Memory | 24.77% Memory free
2.41 Gb Paging File | 1.73 Gb Available in Paging File | 71.94% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 36.64 Gb Free Space | 49.20% Space Free | Partition Type: NTFS
Drive F: | 983.70 Mb Total Space | 231.42 Mb Free Space | 23.53% Space Free | Partition Type: FAT

Computer Name: DELL | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\CapsUnlock\CapsUnlock.exe (BrainSystems)
PRC - C:\Program Files\Common Files\AOL\1102910909\EE\aolsoftware.exe (AOL LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - c:\Program Files\Common Files\AOL\1102910909\EE\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe ()
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - C:\WINDOWS\SYSTEM32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\CapsUnlock\CapsUnlock.dll ()
MOD - c:\Program Files\Common Files\AOL\1102910909\EE\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (NetDDEdsdm) -- C:\WINDOWS\SYSTEM32\netdde.exe (Microsoft Corporation)
SRV - (NetDDE) -- C:\WINDOWS\SYSTEM32\netdde.exe (Microsoft Corporation)
SRV - (upnphost) -- C:\WINDOWS\SYSTEM32\upnphost.dll (Microsoft Corporation)
SRV - (SSDPSRV) -- C:\WINDOWS\SYSTEM32\ssdpsrv.dll (Microsoft Corporation)
SRV - (Messenger) -- C:\WINDOWS\SYSTEM32\msgsvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\WINDOWS\SYSTEM32\mprdim.dll (Microsoft Corporation)
SRV - (Alerter) -- C:\WINDOWS\SYSTEM32\alrsvc.dll (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AOL TopSpeedMonitor) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (V2i Protector) -- C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe (PowerQuest Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PQV2i) -- File not found
DRV - (PQIMount) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys File not found
DRV - (a2injectiondriver) -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys (Emsi Software GmbH)
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (A2DDA) -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (a2util) -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (AvgLdx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Cdfs) -- C:\WINDOWS\System32\drivers\cdfs.sys (Microsoft Corporation)
DRV - (dmboot) -- C:\WINDOWS\SYSTEM32\DRIVERS\dmboot.sys (Microsoft Corp., Veritas Software)
DRV - (dmio) -- C:\WINDOWS\SYSTEM32\DRIVERS\dmio.sys (Microsoft Corp., Veritas Software)
DRV - (Pcmcia) -- C:\WINDOWS\System32\drivers\pcmcia.sys (Microsoft Corporation)
DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20070221.002\SymIDSCo.sys (Symantec Corporation)
DRV - (XE103Sp50) -- C:\WINDOWS\SYSTEM32\DRIVERS\XE103Sp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (symlcbrd) -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys (Symantec Corporation)
DRV - (CamDrL) Logitech QuickCam Pro 3000(CamDrl) -- C:\WINDOWS\SYSTEM32\DRIVERS\Camdrl.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys (Logitech Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (dmload) -- C:\WINDOWS\SYSTEM32\DRIVERS\dmload.sys (Microsoft Corp., Veritas Software.)
DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation)
DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys (Microsoft Corporation)
DRV - (ac97intc) Intel® 82801DB/DBM Audio Driver Service (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ac97ich4.sys (Intel Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS440
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/06/04 14:19:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102910909\EE\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\CapsUnlock.lnk = C:\Program Files\CapsUnlock\CapsUnlock.exe (BrainSystems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {413D6754-BFD4-47FE-9346-319559290BFA} https://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab (HTECtrl Class)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab (LogMeIn Rescue Applet Downloader)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/7b77298065d0b9/housecall.antivirus.com/housecall/xscan53.cab (HouseCall Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38106.4506365741 (Reg Error: Key error.)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} http://www.microsoft.com/security/controls/DoomCln.CAB (DoomCln Object)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/activedata/SymAData.dll (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab (ActiveDataObj Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B346F93-60EB-4B68-930F-3FCEFCCB6E76}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 06:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/04 14:09:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/03 19:32:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/06/03 19:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/03 19:20:22 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/06/03 19:20:22 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/06/03 19:20:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/06/03 19:20:21 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/06/03 19:20:21 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/05/22 22:23:53 | 000,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2012/05/22 19:55:00 | 000,809,288 | ---- | C] (AirInstaller Inc.) -- C:\Documents and Settings\Owner\Desktop\setup.exe
[2012/05/22 17:30:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/05/22 17:18:19 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/22 13:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Emsisoft Anti-Malware
[2012/05/22 13:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012/05/22 13:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Anti-Malware
[2012/05/22 13:10:26 | 000,000,000 | --SD | C] -- C:\C17250C
[2012/05/21 19:07:41 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\MBR.exe
[2012/05/18 18:17:31 | 000,000,000 | --SD | C] -- C:\C16499C
[2012/05/18 17:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2012/05/18 17:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SUPERAntiSpyware
[2012/05/18 17:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2012/05/18 17:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/18 16:33:46 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/05/18 15:57:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2012/05/18 15:56:24 | 003,878,424 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stb_all_2012_2176_cnet.exe
[2012/05/18 15:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2012/05/18 15:46:01 | 002,126,424 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\T.exe
[2012/05/17 16:23:59 | 004,496,432 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/05/17 16:15:01 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/05/17 16:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/05/17 16:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro
[2012/05/17 15:56:38 | 007,287,176 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Owner\Desktop\HitmanPro36.exe
[2012/05/17 15:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\reg backups
[2012/05/17 15:29:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/17 14:37:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/17 14:29:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/17 14:29:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/17 14:29:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/17 14:29:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/17 14:28:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/17 14:28:10 | 000,000,000 | --SD | C] -- C:\C
[2012/05/17 14:26:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/17 14:25:27 | 004,502,181 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\C.exe
[2012/05/17 14:09:37 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\unhide.exe
[2012/05/06 01:55:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Recent

========== Files - Modified Within 30 Days ==========

[2012/06/04 14:31:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/04 14:25:27 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/06/04 14:23:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/04 14:20:55 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/04 14:20:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/04 14:19:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2012/06/04 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/06/04 13:50:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/06/04 13:49:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/04 13:42:19 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/06/03 20:21:03 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/06/03 19:26:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/06/03 19:19:41 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/06/03 19:19:40 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/06/03 19:19:40 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/06/03 19:19:40 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/06/03 19:19:38 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/06/03 19:19:37 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/06/03 17:16:24 | 000,001,296 | ---- | M] () -- C:\WINDOWS\tasks\hpwebreg_CN1473B0SZ05HX.job
[2012/06/03 16:27:04 | 060,495,574 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/06/02 20:40:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/06/01 15:40:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/25 03:36:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/25 02:49:42 | 000,000,060 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\mbam.context.scan
[2012/05/25 02:17:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2012/05/25 01:03:15 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/05/25 00:55:09 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2012/05/22 19:53:22 | 000,809,288 | ---- | M] (AirInstaller Inc.) -- C:\Documents and Settings\Owner\Desktop\setup.exe
[2012/05/22 19:14:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/05/22 17:39:59 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2012/05/22 17:29:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2012/05/22 17:21:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/05/22 17:18:21 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/22 17:18:18 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/22 17:13:09 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2012/05/22 17:03:40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/22 13:12:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/05/22 13:12:11 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Emsisoft Anti-Malware.lnk
[2012/05/22 13:08:08 | 004,502,181 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\C.exe
[2012/05/21 19:05:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\MBR.exe
[2012/05/21 18:59:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/18 17:34:07 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/18 17:12:21 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/18 15:51:37 | 003,878,424 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stb_all_2012_2176_cnet.exe
[2012/05/18 15:46:01 | 002,126,424 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\T.exe
[2012/05/18 14:22:42 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2012/05/17 16:31:11 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Safari.lnk
[2012/05/17 16:15:01 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/05/17 16:02:52 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HitmanPro.lnk
[2012/05/17 15:39:17 | 000,002,161 | ---- | M] () -- C:\WINDOWS\dtab.ini
[2012/05/17 15:37:53 | 000,000,218 | ---- | M] () -- C:\WINDOWS\DTO2KXSV.INI
[2012/05/17 15:29:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/17 14:12:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/05/17 14:04:15 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\unhide.exe
[2012/05/17 14:03:07 | 004,496,432 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/05/10 05:58:59 | 007,287,176 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Owner\Desktop\HitmanPro36.exe

========== Files Created - No Company Name ==========

[2012/05/25 02:49:42 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mbam.context.scan
[2012/05/25 01:03:15 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/05/25 00:55:09 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2012/05/22 19:14:36 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/05/22 18:53:26 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2012/05/22 17:35:48 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/05/22 17:35:47 | 000,001,815 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Nikon Monitor.lnk
[2012/05/22 17:35:47 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\CapsUnlock.lnk
[2012/05/22 17:29:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2012/05/22 17:27:22 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2012/05/22 17:18:30 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/22 13:12:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/05/22 13:12:11 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Emsisoft Anti-Malware.lnk
[2012/05/21 18:59:46 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/05/18 17:12:21 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/18 16:40:12 | 001,012,656 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2012/05/17 16:02:52 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HitmanPro.lnk
[2012/05/17 14:37:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/05/17 14:37:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/05/17 14:29:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/17 14:29:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/17 14:29:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/17 14:29:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/17 14:29:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/17 14:21:11 | 000,002,501 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012/05/17 14:21:11 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/17 14:21:11 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Defender.lnk
[2012/05/17 14:21:11 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Messenger.lnk
[2012/05/17 14:21:11 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
[2012/05/17 14:21:11 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Day Timer.lnk
[2012/05/17 14:21:11 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/17 14:21:11 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/05/17 14:21:11 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Password Safe.lnk
[2012/05/17 14:21:11 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2012/05/17 14:21:11 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/05/17 14:21:10 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft PowerPoint.lnk
[2012/05/17 14:21:10 | 000,002,046 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Outlook.lnk
[2012/05/17 14:21:10 | 000,002,030 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Excel.lnk
[2012/05/17 14:21:10 | 000,002,022 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Word.lnk
[2012/05/17 14:21:10 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft FrontPage.lnk
[2012/05/17 14:21:10 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Access.lnk
[2012/05/17 14:21:10 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MSN Explorer.lnk
[2012/05/17 14:21:09 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader 9.lnk
[2012/05/17 14:21:09 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Apple Software Update.lnk
[2012/05/17 14:21:09 | 000,001,988 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Photoshop Album 2.0 Starter Edition.lnk
[2010/08/02 20:42:42 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grapher
[2010/08/02 20:42:42 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Owner\Application Data\Galaxy Swirl
[2010/08/02 20:42:42 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLdu.DAT
[2010/08/02 20:42:42 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Halftone

========== LOP Check ==========

[2012/05/18 15:57:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2010/08/02 20:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EnterNHelp
[2007/09/10 17:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
[2012/05/17 16:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro
[2012/05/18 17:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2010/08/02 20:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nikon
[2004/04/29 17:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PowerQuest
[2010/08/02 20:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ultima_T15
[2007/03/16 09:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
[2010/08/06 22:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/02 16:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/26 14:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/03/08 20:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2004/04/29 16:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IsolatedStorage
[2005/01/08 23:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/04/16 11:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2010/08/02 20:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2007/03/16 09:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2012/06/04 13:42:19 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/06/02 20:40:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/06/03 20:21:03 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/06/04 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2012/06/04 14:25:27 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

#12 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:33 PM

Posted 05 June 2012 - 12:13 AM

Thanks for the feedback.

Please delete the existing copy of ComboFix and download a fresh one here

Make sure you disabled ALL the security programs.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#13 AshleyO8

AshleyO8
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 05 June 2012 - 02:35 AM

Tried to download ComboFix from her computer. Was testing the internet to see if it was any better. Got on Bleeping Computer and was scrolling down my post to the last reply and the internet shutdown. Tried again, same thing. I used my computer to download and copy. ComboFix started to run but stalled in the same place as before (the line that starts with however). When I tried to close Combofix it froze everything and the keyboard locked. Had to use the power button to shut it off. Tried it in safe mode too, same thing happened.

#14 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:33 PM

Posted 05 June 2012 - 07:10 AM

Go to Start > Run and copy/paste the following into the Run box and click OK:

"%userprofile%\desktop\combofix.exe" /nombr
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#15 AshleyO8

AshleyO8
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 05 June 2012 - 04:56 PM

Took a long time to load, but it finally worked. Took at least 20-30 minutes to get through all stages.

ComboFix 12-06-05.03 - Owner 06/05/2012 13:34:32.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.214 [GMT -7:00]
Running from: c:\documents and settings\Owner\desktop\combofix.exe
Command switches used :: /nombr
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\DragToDiscUserNameE.txt
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Application Data\HPSU_48BitScanUpdate.log
c:\documents and settings\Owner\WINDOWS
c:\windows\help\wmplayer.bak
c:\windows\patch.exe
c:\windows\system\Color
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\dllcache\wmpvis.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2012-06-05 19:42 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Windows Defender\Definition Updates\{EBE41E0A-9E2D-40F8-9EEC-F5817DF356F0}\mpengine.dll
2012-06-05 10:08 . 2012-06-05 10:08 -------- d-----w- c:\windows\LastGood
2012-06-04 21:09 . 2012-06-04 21:09 -------- d-----w- C:\_OTL
2012-06-04 02:20 . 2012-06-04 02:20 -------- d-----w- c:\program files\Common Files\Java
2012-06-04 02:20 . 2012-06-04 02:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-04 02:20 . 2012-06-04 02:19 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-23 00:18 . 2012-05-23 00:18 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-22 20:11 . 2012-06-05 06:06 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-05-19 00:12 . 2012-05-19 00:12 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2012-05-19 00:12 . 2012-05-19 00:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-19 00:12 . 2012-05-19 00:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2012-05-18 23:33 . 2012-05-18 23:33 -------- d-----w- C:\$AVG
2012-05-18 22:57 . 2012-05-18 22:57 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\Common Files
2012-05-18 22:56 . 2012-05-19 00:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
2012-05-18 21:16 . 2012-05-18 21:16 -------- d-----w- c:\documents and settings\Administrator.DELL
2012-05-17 23:15 . 2012-05-17 23:15 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-05-17 23:02 . 2012-05-17 23:02 -------- d-----w- c:\program files\HitmanPro
2012-05-17 23:02 . 2012-05-17 23:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HitmanPro
2012-05-17 22:29 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-17 21:28 . 2012-05-17 21:43 -------- d-----w- C:\C
2012-05-17 21:09 . 2012-05-17 21:04 399264 ----a-w- C:\unhide.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 02:19 . 2010-05-02 18:57 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-31 13:22 . 2004-04-29 17:55 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-23 00:18 . 2011-06-04 23:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 16:40 . 2007-02-23 23:44 6737808 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 68856]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-19 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-10 198160]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"HostManager"="c:\program files\Common Files\AOL\1102910909\ee\AOLSoftware.exe" [2008-06-24 41824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-17 2042208]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 34880]
.
c:\documents and settings\Philip Schneider\Start Menu\Programs\Startup\
HotSync Manager.LNK - c:\program files\Sony Handheld\HOTSYNC.EXE [N/A]
NetTurbo.lnk - c:\program files\SharewareOnline.com\NetTurbo\NetTurbo.exe [2003-12-11 536576]
UMAX VistaAccess.lnk - c:\vstascan\vsaccess.exe [2003-11-24 282624]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
CapsUnlock.lnk - c:\program files\CapsUnlock\CapsUnlock.exe [2008-10-5 13312]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2004-10-31 65588]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 16:35 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/20/2008 9:19 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [6/20/2008 9:19 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/2/2008 9:29 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/2/2008 9:29 AM 297752]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S0 PQV2i;PQV2i; [x]
S1 PQIMount;PQIMount; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2010 12:49 PM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [5/22/2012 5:18 PM 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2010 12:49 PM 135664]
S3 XE103Sp50;XE103Sp50 NDIS Protocol Driver;c:\windows\SYSTEM32\DRIVERS\XE103Sp50.sys [11/28/2006 10:46 PM 27072]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 00:18]
.
2012-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2012-06-05 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 05:12]
.
2012-06-05 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 05:12]
.
2012-06-05 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 05:12]
.
2012-06-04 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 05:12]
.
2012-06-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-25 13:03]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 19:49]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 19:49]
.
2012-06-05 c:\windows\Tasks\hpwebreg_CN1473B0SZ05HX.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\hpwebreg.exe [2010-11-17 05:16]
.
2012-06-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uInternet Settings,ProxyOverride = localhost;*.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
AddRemove-WZCLINE - c:\program files\WinZip\winzip32
AddRemove-{4CE13935-7236-474f-A8AC-0BA7587C5F76} - c:\program files\HP\Digital Imaging\{4CE13935-7236-474f-A8AC-0BA7587C5F76}\setup\hpzscr01.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-05 14:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(628)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-06-05 14:37:19
ComboFix-quarantined-files.txt 2012-06-05 21:36
.
Pre-Run: 39,112,777,728 bytes free
Post-Run: 39,257,817,088 bytes free
.
- - End Of File - - 2589808E011C26B6D27A99DEE90E7916





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users