Topic: Win32 Trojan / Win32:Rootkit-gen / Google Redirect?



#1
brindilyn.12
Hi, I'm new here and not great at computer stuff, I would really appreciate any help!! Thanks in advance!

So a couple nights ago my computer screen started randomly flashing and spazzing (sp?). I went to try to back up my photos to a CD, and none of my burning programs will read the driver when a blank CD is in it.
I tried to do a system restore, and was not able to. No restore points? I turned the computer off for the night.
Next morning I turned it on, and random weird messages kept popping up. And I went online to try to find out what to do, and every link I clicked on Google would redirect me to a non-related site. Tried to shut the computer down; it would not shut down, would not restart... I could only use a limited profile. If I try to get onto an administrative profile the desktop icons flash and I can't do anything.
Finally got Malwarebytes to download but had to rename it to make it work, & it could not get rid of the things it found.
I can now only run the computer in Safe Mode; when I try to get on normal mode a long message pops up about a memory dump.
I ran avast & it said
I have got:

Win32:Trojan-Gen {Other}
C:\windows\system32\gxvxccynxwejpjdqlbbutklfknrgucuafmiub.dll

Win32:Rootkit-gen [Rtk]
c:\documents&settings\Owner\localsettings\Temp\d.exe

Win32:Patched-KG [Trj]
C:\Documents&Settings\Owner\LocalSettings\temp\tmp1B9.tn

JS:Pofka-1R [Expl]
c:\documents&settings\Owner\Localsetting\Temp

and more... but when I go to send them to the chest it either says
"cannot access the file because it is being used by another process"
or "Virus chest is not running. RPC communication failed"

I finally got it to do a boot time scan but it froze at the end & I'm not sure if it did anything.
I followed the malware & spyware cleaning guides - I'll post my logs next! If anyone can help me, I would greatly appreciate it!! I have files I need to get off here :/
THANKS - Brindi.
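The "every Google link redirects" symptom in the post above usually has a cause that shows up in exactly the kind of OTL log posted later in this thread: HOSTS entries that pin a hostname to a real address, a machine-level IE proxy switched on, and a driver with a random name and no company string. The script below is an added example, not code from the original post and not part of OTL; it parses the O1 Hosts, IE ProxyEnable and DRV lines of an OTL log and lists the ones worth acting on. The sample log is constructed for the example and modelled on entries visible in the later OTL log; the regexes, the category names and the "empty company field" heuristic are my assumptions, not anything OTL itself reports.

```python
import re
from typing import List, Tuple

# Constructed sample, modelled on the O1 / IE / DRV lines visible in the OTL log
# posted later in this thread; it is not the tool's real output.
SAMPLE_OTL_LOG = """\
IE - HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 1
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0
DRV - (aswTdi [System | Running]) -- C:\\WINDOWS\\System32\\drivers\\aswTdi.sys (ALWIL Software)
DRV - (izwidekur [Auto | Stopped]) -- C:\\WINDOWS\\system32\\drivers\\avgirylfbev.sys ()
DRV - (sptd [Boot | Running]) -- C:\\WINDOWS\\System32\\Drivers\\sptd.sys ()
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 alarm-security.microsoft.com
O1 - Hosts: 209.44.111.57 inetantivirus.com
"""

# Line shapes are assumed from the log in this thread, not taken from an OTL spec.
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
PROXY_RE = re.compile(r'^IE - (HKLM|HKCU)\\.*?Internet Settings: "ProxyEnable" = (\d)')
DRV_RE = re.compile(r"^DRV - \((\S+) \[[^\]]*\]\) -- (.+?) \((.*)\)$")

# Addresses a HOSTS line may legitimately map a name to.
LOCAL_ADDRESSES = {"127.0.0.1", "::1", "0.0.0.0"}

Finding = Tuple[str, str]  # (category, detail)


def check_hosts_line(ip: str, host: str) -> List[Finding]:
    """A name pinned to a non-local address silently overrides DNS for that name,
    which is how a browser ends up somewhere other than the site it asked for."""
    if ip in LOCAL_ADDRESSES:
        return []
    return [("hosts-redirect", f"{host} -> {ip}")]


def check_proxy_line(hive: str, enabled: str) -> List[Finding]:
    """ProxyEnable=1 sends IE traffic through whatever ProxyServer names, so the
    proxy value itself has to be inspected before the redirects can be explained."""
    if enabled != "1":
        return []
    return [("proxy-enabled", f"{hive} ProxyEnable=1: inspect ProxyServer")]


def check_driver_line(service: str, path: str, company: str) -> List[Finding]:
    """A kernel driver with no company/version info is unattributed. Together with
    a random-looking service and file name it is a classic rootkit-dropper cue,
    but the same heuristic also flags legitimate unsigned drivers (assumption:
    triage cue, not a verdict)."""
    if company.strip():
        return []
    return [("unattributed-driver", f"{service} -> {path}")]


def triage_otl(log_text: str) -> List[Finding]:
    """Run every line of an OTL log through the three checks above, in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            findings += check_hosts_line(*m.groups())
            continue
        m = PROXY_RE.match(line)
        if m:
            findings += check_proxy_line(*m.groups())
            continue
        m = DRV_RE.match(line)
        if m:
            findings += check_driver_line(*m.groups())
    return findings


if __name__ == "__main__":
    for category, detail in triage_otl(SAMPLE_OTL_LOG):
        print(f"[{category:20}] {detail}")
```

Run it as-is to see the findings for the sample, or pass the text of a real OTL.txt to triage_otl(). Two caveats a practitioner wants: the HOSTS check reports any non-local address, so a deliberately added intranet entry is listed as well, and the driver check is a cue rather than a verdict: it flags the random-named izwidekur / avgirylfbev.sys pair, but also any unsigned driver OTL lists with an empty company field, which is why sptd.sys, a common disc-emulation driver, appears too.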



#2
brindilyn.12
Also I could not get Windows to update...

When I try it says "The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem. "

#3
brindilyn.12
Rooter Log -

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:186222 Mo/Free:669 Mo)
D:\ [Fixed] - FAT32 - (Total:4540 Mo/Free:2289 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
K:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Tue 06/09/2009|13:29

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Tue 06/09/2009|13:31

----------------------\\ Scan completed at 13:31

#4
brindilyn.12
OTL.Txt Log -

OTL logfile created on: 6/9/2009 1:52:37 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Administrator.BRINDI\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.36 Mb Total Physical Memory | 646.30 Mb Available Physical Memory | 72.18% Memory free
2.12 Gb Paging File | 2.04 Gb Available in Paging File | 96.33% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.86 Gb Total Space | 76.66 Gb Free Space | 42.15% Space Free | Partition Type: NTFS
Drive D: | 4.43 Gb Total Space | 2.24 Gb Free Space | 50.41% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRINDI
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Documents and Settings\Administrator.BRINDI\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (0147871237060579mcinstcleanup [Auto | Stopped]) -- File not found
SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Apple Mobile Device [Auto | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Stopped]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (CCALib8 [Auto | Stopped]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Nero BackItUp Scheduler 4.0 [Auto | Stopped]) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Stopped]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (PrismXL [Auto | Stopped]) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (UMWdf [Auto | Stopped]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Stopped]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AgereSoftModem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (aswFsBlk [Auto | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Stopped]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (IntcAzAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (iviVD [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iviVD.sys (InterVideo)
DRV - (izwidekur [Auto | Stopped]) -- C:\WINDOWS\system32\drivers\avgirylfbev.sys ()
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (mxnic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mxnic.sys (Macronix International Co., Ltd. )
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RimUsb [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (USB_RNDIS_XP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys (Microsoft Corporation)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=T6426
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/31 14:53:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/05/26 20:00:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRA~1\MOZILLA FIREFOX\COMPONENTS [2009/06/07 13:53:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRA~1\MOZILLA FIREFOX\PLUGINS [2009/06/05 10:55:25 | 00,000,000 | ---D | M]

[2009/06/07 13:53:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.BRINDI\Application Data\mozilla\Firefox\Profiles\vkbvpf8c.default\extensions
[2009/06/08 10:55:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/06/06 18:13:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/19 19:45:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/31 14:53:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2008/12/19 19:45:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2008/12/19 19:44:54 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/12/19 19:44:54 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/12/19 19:44:54 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/12/19 19:44:58 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/12/19 19:44:58 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2008/12/19 19:45:11 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/19 19:45:11 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/19 19:45:11 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/19 19:45:11 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/19 19:45:11 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/19 19:45:11 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (150 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 alarm-security.microsoft.com
O1 - Hosts: 209.44.111.57 inetantivirus.com
O1 - Hosts: 209.44.111.57 www.inetantivirus.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (CitiUSBrowserHelper Class) - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" (ALWIL Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon (CANON INC.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\brindi\br.exe" /runcleanupscript (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} http://www.streamplu...lug/beta/SP.cab (StreamPlug Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 11:04:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 00,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/09 13:50:40 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/06/09 13:50:40 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\ADMINI~1.BRI\Desktop\OTL.exe
[2009/06/09 13:29:41 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/09 13:28:53 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\ADMINI~1.BRI\Desktop\Rooter.exe
[2009/06/09 09:59:30 | 00,451,655 | ---- | C] () -- C:\DOCUME~1\ADMINI~1.BRI\Desktop\RootRepeal.zip
[2009/06/09 09:39:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
[2009/06/08 19:01:22 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/06/08 19:01:22 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/06/08 19:01:22 | 00,001,709 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\avast! Antivirus.lnk
[2009/06/08 19:01:21 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/06/08 19:01:19 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/06/08 19:01:19 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/06/08 19:01:19 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/06/08 19:01:19 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/06/08 19:01:19 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/06/08 19:01:02 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/06/08 19:01:02 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/06/08 19:00:59 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/06/08 17:49:53 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/06/08 17:39:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/08 17:39:15 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\ADMINI~1.BRI\Desktop\NTREGOPT.lnk
[2009/06/08 17:39:15 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\ADMINI~1.BRI\Desktop\ERUNT.lnk
[2009/06/08 17:39:14 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/06/08 17:38:52 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\ADMINI~1.BRI\Desktop\erunt_setup.exe
[2009/06/08 17:29:26 | 00,264,704 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\ADMINI~1.BRI\Desktop\hgb.exe
[2009/06/08 16:36:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRINDI\Application Data\Macromedia
[2009/06/08 16:34:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRINDI\Application Data\Adobe
[2009/06/08 16:29:02 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/06/08 15:20:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRINDI\Application Data\ZoomBrowser EX
[2009/06/08 15:10:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2009/06/08 00:09:25 | 06,585,704 | ---- | C] (Microsoft Corporation) -- C:\DOCUME~1\ADMINI~1.BRI\My Documents\PrimaryInteropAssembly.exe
[2009/06/07 14:00:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRINDI\Application Data\Nero
[2009/06/07 13:53:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRINDI\Application Data\Mozilla
[2009/06/07 13:43:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRINDI\Application Data\Malwarebytes
[2009/06/07 13:41:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator.BRINDI\Application Data\desktop.ini
[2009/06/07 13:41:05 | 00,000,076 | -HS- | C] () -- C:\DOCUME~1\ADMINI~1.BRI\My Documents\desktop.ini
[2009/06/07 13:41:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator.BRINDI\Local Settings\desktop.ini
[2009/06/07 13:41:04 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator.BRINDI\Start Menu\Programs\Startup\desktop.ini
[2009/06/07 13:41:04 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.BRINDI\Application Data\Microsoft
[2009/06/07 13:41:04 | 00,000,000 | R--D | C] -- C:\DOCUME~1\ADMINI~1.BRI\My Documents\My Pictures
[2009/06/07 13:41:04 | 00,000,000 | R--D | C] -- C:\DOCUME~1\ADMINI~1.BRI\My Documents\My Music
[2009/06/07 13:41:04 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.BRINDI\Local Settings\Temporary Internet Files
[2009/06/07 13:41:04 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.BRINDI\Local Settings\History
[2009/06/07 13:41:04 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.BRINDI\Local Settings\Application Data
[2009/06/07 13:41:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRINDI\Local Settings\Temp
[2009/06/07 13:41:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRINDI\Application Data\You've Got Pictures Screensaver
[2009/06/07 13:41:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRINDI\Application Data\SampleView
[2009/06/07 13:41:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRINDI\Application Data\Identities
[2009/06/07 13:41:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.BRINDI\Application Data\AOL
[2009/06/07 00:09:39 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\ro122730.dat
[2009/06/07 00:09:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sysloc
[2009/06/07 00:09:30 | 00,071,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\avgirylfbev.sys
[2009/06/06 22:17:42 | 00,000,582 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/06 22:17:40 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/06 22:17:39 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/06 22:17:39 | 00,000,000 | ---D | C] -- C:\Program Files\brindi
[2009/06/06 22:17:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/06 22:11:12 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/06 22:04:12 | 00,000,000 | ---D | C] -- C:\Program Files\notmbam2
[2009/06/06 21:43:35 | 00,000,000 | ---D | C] -- C:\Program Files\notmbam
[2009/06/06 21:29:01 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/06/06 11:43:58 | 00,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/06/06 11:31:33 | 00,002,369 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Nero StartSmart.lnk
[2009/06/06 11:30:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2009/06/06 11:30:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/06/05 02:12:20 | 00,000,000 | ---D | C] -- C:\Sch
[2009/06/04 15:28:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IBCOMMON
[2009/06/04 13:10:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/06/04 13:00:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/06/04 13:00:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/06/04 13:00:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/06/04 13:00:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/06/04 12:58:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/06/04 12:57:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/06/04 12:52:35 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/06/04 12:52:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/06/04 11:29:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/06/04 11:28:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/06/03 18:05:43 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\gxvxccount
[2009/05/26 20:00:02 | 00,000,000 | ---D | C] -- C:\ed9931534decd1948dde071ae5a1
[2009/03/14 13:42:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\sensor.INI
[2009/03/14 12:58:58 | 00,000,020 | ---- | C] () -- C:\WINDOWS\PCSys.dll
[2008/06/24 13:40:52 | 00,921,600 | ---- | C] () -- C:\WINDOWS\vorbisenc.dll
[2008/06/24 13:40:52 | 00,237,568 | ---- | C] () -- C:\WINDOWS\OggDS.dll
[2008/06/24 13:40:52 | 00,188,416 | ---- | C] () -- C:\WINDOWS\vorbis.dll
[2008/06/24 13:40:52 | 00,045,056 | ---- | C] () -- C:\WINDOWS\ogg.dll
[2008/06/24 13:40:51 | 00,066,048 | ---- | C] () -- C:\WINDOWS\MP4.dll
[2008/06/24 13:40:51 | 00,023,552 | ---- | C] () -- C:\WINDOWS\mkunicode.dll
[2008/06/11 13:43:45 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/02/13 15:19:54 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/02/06 14:21:42 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2008/02/03 12:40:34 | 00,000,045 | ---- | C] () -- C:\WINDOWS\INSTALL.INI
[2007/10/30 17:07:39 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/24 23:53:45 | 00,000,118 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/10/11 15:35:55 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/10/11 11:34:26 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/10/10 00:56:26 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/10/09 02:21:22 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/14 17:14:12 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/14 17:14:12 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/14 17:14:11 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/14 17:14:10 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/14 17:14:09 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/14 17:14:09 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/14 17:14:07 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/09/15 15:40:22 | 00,160,768 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/07/15 11:35:56 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 11:35:56 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/08/27 03:50:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 09:12:43 | 00,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 09:12:43 | 00,000,487 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 09:12:21 | 00,000,571 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/26 09:12:17 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/06/09 13:50:40 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\ADMINI~1.BRI\Desktop\OTL.exe
[2009/06/09 13:29:40 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\ADMINI~1.BRI\Desktop\Rooter.exe
[2009/06/09 09:59:48 | 00,451,655 | ---- | M] () -- C:\DOCUME~1\ADMINI~1.BRI\Desktop\RootRepeal.zip
[2009/06/09 09:49:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator.BRINDI\Local Settings\desktop.ini
[2009/06/09 09:48:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/09 09:43:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/09 09:39:41 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys
[2009/06/08 22:29:02 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\gxvxccount
[2009/06/08 19:01:22 | 00,001,709 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\avast! Antivirus.lnk
[2009/06/08 19:01:19 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/06/08 17:39:15 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\ADMINI~1.BRI\Desktop\NTREGOPT.lnk
[2009/06/08 17:39:15 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\ADMINI~1.BRI\Desktop\ERUNT.lnk
[2009/06/08 17:38:52 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\ADMINI~1.BRI\Desktop\erunt_setup.exe
[2009/06/08 17:29:30 | 00,264,704 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\ADMINI~1.BRI\Desktop\hgb.exe
[2009/06/08 09:48:53 | 00,000,571 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/06/08 09:46:14 | 00,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/06/08 00:09:25 | 06,585,704 | ---- | M] (Microsoft Corporation) -- C:\DOCUME~1\ADMINI~1.BRI\My Documents\PrimaryInteropAssembly.exe
[2009/06/07 23:11:23 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/07 00:41:27 | 00,000,582 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/07 00:27:51 | 00,007,680 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
[2009/06/07 00:09:39 | 00,000,002 | -H-- | M] () -- C:\WINDOWS\ro122730.dat
[2009/06/07 00:09:30 | 00,071,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\avgirylfbev.sys
[2009/06/07 00:09:30 | 00,000,150 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/06/06 11:43:58 | 00,004,767 | ---- | M] () -- C:\WINDOWS\Irremote.ini
[2009/06/06 11:31:33 | 00,002,369 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Nero StartSmart.lnk
[2009/06/04 13:15:01 | 00,521,268 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/04 13:15:01 | 00,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/04 13:15:01 | 00,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/04 13:11:31 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/06/04 13:10:35 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/04 13:09:59 | 00,480,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/04 12:56:31 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/06/03 16:20:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:689E721A
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7BE3E15
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E60C72DB
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39ECA677
< End of report >

#5
brindilyn.12

    New Member

  • Topic Starter
  • Member
  • 6 posts
OTL Extras.Txt Log -

OTL Extras logfile created on: 6/9/2009 1:52:37 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Administrator.BRINDI\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.36 Mb Total Physical Memory | 646.30 Mb Available Physical Memory | 72.18% Memory free
2.12 Gb Paging File | 2.04 Gb Available in Paging File | 96.33% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.86 Gb Total Space | 76.66 Gb Free Space | 42.15% Space Free | Partition Type: NTFS
Drive D: | 4.43 Gb Total Space | 2.24 Gb Free Space | 50.41% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRINDI
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"80:TCP" = 80:TCP:*:Enabled:SYSDLL
"7171:TCP" = 7171:TCP:*:Enabled:SYSDLL

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon File not found
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed File not found
C:\Program Files\Common Files\AOL\1191922256\EE\AOLServiceHost.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL File not found
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent File not found
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM File not found
C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio File not found
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program File not found
C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express File not found
C:\Program Files\VTech\Community\System\PCTray.exe:*:Disabled:Vtech local server File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{19FDB8E4-59AD-4330-9667-E8DCAF018DD3}" = Unload
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{61CF89F5-5175-4b3b-ABB8-C89821252D50}" = HP Photosmart Cameras 6.0
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{9B3019EB-DF78-428c-BAEE-9A3B2F629EF3}" = PS380
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5A5C573-FB6D-48d8-9F7F-08FC4AD4B488}" = CameraUserGuides
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{c913ad89-df2f-40fd-9458-866f18dc1a1a}" = Nero 9 Trial
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F876A4EC-DD7A-4bf8-A169-E4FD6C60BA3F}" = CameraDrivers
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"avast!" = avast! Antivirus
"BigFix" = BigFix
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon MP210 series User Registration" = Canon MP210 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"hp print screen utility" = hp print screen utility
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"ie8" = Windows Internet Explorer 8
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"ODSK" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer Basic
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"ViewpointMediaPlayer" = Viewpoint Media Player
"WFTK" = Canon Utilities WFT-E1/E2 Utility
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 6/8/2009 11:49:28 PM | Computer Name = BRINDI | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 6/8/2009 11:52:29 PM | Computer Name = BRINDI | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 6/8/2009 11:54:09 PM | Computer Name = BRINDI | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

Error - 6/9/2009 12:51:09 PM | Computer Name = BRINDI | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 6/9/2009 12:51:09 PM | Computer Name = BRINDI | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 6/9/2009 12:51:31 PM | Computer Name = BRINDI | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 6/9/2009 12:55:42 PM | Computer Name = BRINDI | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.

Error - 6/9/2009 4:14:40 PM | Computer Name = BRINDI | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 6/9/2009 4:51:31 PM | Computer Name = BRINDI | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 6/9/2009 4:51:31 PM | Computer Name = BRINDI | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

[ Application Events ]
Error - 6/8/2009 6:26:30 PM | Computer Name = BRINDI | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00001e84.

[ System Events ]
Error - 6/9/2009 12:43:10 PM | Computer Name = BRINDI | Source = iviVD | ID = 262153
Description = The device, \Device\Scsi\iviVD1, did not respond within the timeout
period.

Error - 6/9/2009 12:48:54 PM | Computer Name = BRINDI | Source = iviVD | ID = 262153
Description = The device, \Device\Scsi\iviVD1, did not respond within the timeout
period.

Error - 6/9/2009 12:49:27 PM | Computer Name = BRINDI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/9/2009 12:50:13 PM | Computer Name = BRINDI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP Fips Processor

Error - 6/9/2009 12:57:10 PM | Computer Name = BRINDI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/9/2009 1:19:41 PM | Computer Name = BRINDI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/9/2009 4:28:13 PM | Computer Name = BRINDI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 6/9/2009 4:28:39 PM | Computer Name = BRINDI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 6/9/2009 4:47:18 PM | Computer Name = BRINDI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 6/9/2009 4:47:35 PM | Computer Name = BRINDI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


< End of report >

#6
brindilyn.12

    New Member

  • Topic Starter
  • Member
  • 6 posts
Mbam Log --

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 3

6/9/2009 2:17:08 PM
mbam-log-2009-06-09 (14-17-08).txt

Scan type: Quick Scan
Objects scanned: 120264
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.