
Antivirus 2009 [Solved]


  • This topic is locked

#1
Cdn_Red
Member, 37 posts
Hello

I am trying to help my boyfriend clean up an infection on his computer. He accidentally installed Antivirus 2009 and has since been getting "Bad Image" errors when launching any .exe file. He was also having web redirects, which seem to have been fixed. Periodically, when visiting a URL, he would get a blank page saying "Welcome to MIVA DLL. Enjoy your stay", which seems to have stopped at this point.

Currently, his computer will only boot up in safe mode. I have followed all the steps in the Removal Guide; however, the computer will install Malwarebytes' Anti-Malware but it refuses to run the program. I have tried running it from a flash drive and I have tried renaming it -- to no avail. Additionally, the system restore program will not run in Safe Mode. He had not created any Windows System Restore points and I cannot create any in safe mode. Below are the Rooter and OTL logs.

Thank you

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6001) Service Pack 1
[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Disabled !
Windows Defender -> Disabled !
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.6001.18783
Mozilla Firefox 3.0.11 (en-GB)
.
C:\ [Fixed-NTFS] .. ( Total:138 Go - Free:90 Go )
D:\ [Fixed-NTFS] .. ( Total:10 Go - Free:4 Go )
E:\ [CD_Rom]
.
Scan : 10:07.11
Path : C:\Users\robert\Downloads\Rooter.exe
User : robert ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (356)
______ C:\Windows\system32\csrss.exe (416)
______ C:\Windows\system32\csrss.exe (452)
______ C:\Windows\system32\wininit.exe (460)
______ C:\Windows\system32\winlogon.exe (488)
______ C:\Windows\system32\services.exe (536)
______ C:\Windows\system32\lsass.exe (548)
______ C:\Windows\system32\lsm.exe (556)
______ C:\Windows\system32\svchost.exe (692)
______ C:\Windows\system32\svchost.exe (764)
______ C:\Windows\System32\svchost.exe (916)
______ C:\Windows\system32\svchost.exe (964)
______ C:\Windows\System32\svchost.exe (1036)
______ C:\Windows\system32\svchost.exe (1064)
______ C:\Windows\system32\svchost.exe (1084)
______ C:\Windows\system32\svchost.exe (1204)
______ C:\Windows\system32\svchost.exe (1304)
______ C:\Windows\Explorer.EXE (896)
______ C:\Program Files\Windows Media Player\wmpnscfg.exe (1656)
______ C:\Program Files\Mozilla Firefox\firefox.exe (1552)
______ C:\Windows\notepad.exe (1464)
______ C:\Windows\notepad.exe (2024)
______ C:\Users\robert\Downloads\Rooter.exe (1948)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:11112321024)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:11112353280 | Length:148926919680)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\PersonalAV.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{5FBBB694-C5BA-4A98-B637-1BB8E2BB85B1}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 10:07.14
.
C:\Rooter$\Rooter_6.txt - (10/07/2009 | 10:07.14)

OTL logfile created on: 10/07/2009 9:52:17 AM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Users\robert\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.37% Memory free
4.00 Gb Paging File | 3.89 Gb Available in Paging File | 97.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.70 Gb Total Space | 90.37 Gb Free Space | 65.16% Space Free | Partition Type: NTFS
Drive D: | 10.35 Gb Total Space | 4.40 Gb Free Space | 42.56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBERT-PC
Current User Name: robert
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\robert\Downloads\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AgereModemAudio [Auto | Stopped]) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (Apple Mobile Device [Auto | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Auto | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (hpqcxs08 [On_Demand | Stopped]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Stopped]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IAANTMON [Auto | Stopped]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Net Driver HPZ12 [Auto | Stopped]) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (SeaPort [Auto | Stopped]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SfCtlCom [Auto | Stopped]) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (TMBMServer [Auto | Stopped]) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (TmPfw [On_Demand | Stopped]) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (tmproxy [On_Demand | Stopped]) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ac97intc.sys (Intel Corporation)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (bcm4sbxp [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (fssfltr [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw2v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw2v32.sys (Intel® Corporation)
DRV - (NETw4v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw4v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation)
DRV - (RTSTOR [On_Demand | Running]) -- C:\Windows\System32\drivers\RTSTOR.SYS (Realtek Semiconductor Corp.)
DRV - (secdrv [Auto | Stopped]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (STHDA [On_Demand | Stopped]) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tmactmon [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\tmactmon.sys (Trend Micro Inc.)
DRV - (tmcomm [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\tmcomm.sys (Trend Micro Inc.)
DRV - (tmevtmgr [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmlwf [System | Running]) -- C:\Windows\System32\DRIVERS\tmlwf.sys (Trend Micro Inc.)
DRV - (tmpreflt [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV - (tmtdi [System | Stopped]) -- C:\Windows\System32\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV - (tmwfp [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\tmwfp.sys (Trend Micro Inc.)
DRV - (tmxpflt [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (UVCFTR [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsapint [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\vsapint.sys (Trend Micro Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...B&M=T-6816H
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...B&M=T-6816H
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn...aspx?lang=en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://sympatico.msn...en-CA&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 F4 48 15 0A 00 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..keyword.URL: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 03:01:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/15 09:46:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/15 09:46:40 | 00,000,000 | ---D | M]

[2008/09/03 17:45:32 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Extensions
[2008/09/03 17:45:32 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/10 09:50:00 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\qg0bydd0.default\extensions
[2009/06/25 16:42:31 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\qg0bydd0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/08 00:34:35 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\qg0bydd0.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/03/31 09:27:07 | 00,001,632 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\FireFox\Profiles\qg0bydd0.default\searchplugins\live-search.xml
[2008/05/25 08:58:02 | 00,002,386 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\FireFox\Profiles\qg0bydd0.default\searchplugins\siteadvisor.xml
[2007/09/05 22:49:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/15 09:46:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/09/03 17:45:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/06/15 09:46:36 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/15 09:46:36 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/25 10:24:11 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2007/08/07 13:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/01/04 17:57:08 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/01/07 19:14:26 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/02/05 00:02:56 | 01,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2007/12/19 08:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/06/15 09:46:37 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 23:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/02 09:51:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/02 09:51:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/02 09:51:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/02 09:51:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/02 09:51:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/02 09:51:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/02 09:51:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/03/29 13:25:40 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/03/29 13:25:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/29 13:25:40 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/03/29 13:25:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/29 13:25:40 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/03/29 13:25:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/25 10:24:11 | 00,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png
[2008/07/25 10:24:11 | 00,000,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src
[2009/03/29 13:25:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/29 13:25:40 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe (BigFix Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Google Desktop Search] File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NapsterShell] File not found
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] File not found
O4 - HKLM..\RunOnce: [TSC] C:\Program Files\Trend Micro\Internet Security\tsc.exe (Trend Micro Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 20:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (MACHINE) - File not found
O34 - HKLM BootExecute: (BootExecut) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/10 09:48:57 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/10 09:48:19 | 00,000,733 | ---- | C] () -- C:\Users\robert\Desktop\NTREGOPT.lnk
[2009/07/10 09:48:19 | 00,000,714 | ---- | C] () -- C:\Users\robert\Desktop\ERUNT.lnk
[2009/07/10 09:48:19 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/10 09:42:32 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/10 09:42:28 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/10 09:42:26 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/10 09:42:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/10 09:42:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/08 22:18:59 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/07 23:30:42 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Anti-Malware
[2009/07/07 19:40:38 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
[2009/07/04 20:46:47 | 00,000,000 | ---D | C] -- C:\Program Files\Hijackthis
[2009/07/04 18:43:05 | 00,010,752 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2009/06/29 10:34:41 | 00,000,228 | ---- | C] () -- C:\Windows\tasks\PersonalAV.job
[2009/06/29 10:34:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Uninstall
[2009/06/15 09:57:08 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/06/15 09:57:08 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/06/15 09:57:08 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/06/15 09:57:07 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/06/15 09:57:07 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2008/01/04 17:58:50 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/01/04 17:57:22 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/01/04 17:57:22 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/01/04 17:56:24 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/01/02 17:57:36 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/10/22 18:54:34 | 00,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2007/09/16 23:27:16 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/06/04 08:53:17 | 00,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/06/04 08:53:17 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/06/04 08:48:56 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,359 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/07/10 09:48:19 | 00,000,733 | ---- | M] () -- C:\Users\robert\Desktop\NTREGOPT.lnk
[2009/07/10 09:48:19 | 00,000,714 | ---- | M] () -- C:\Users\robert\Desktop\ERUNT.lnk
[2009/07/10 09:42:32 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/10 09:33:34 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/08 17:13:16 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/08 17:13:16 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/08 12:32:20 | 00,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/08 12:32:20 | 00,601,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/08 12:32:20 | 00,105,502 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/04 23:23:32 | 00,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/07/04 18:45:23 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/04 18:45:18 | 00,000,228 | ---- | M] () -- C:\Windows\tasks\PersonalAV.job
[2009/07/04 18:45:15 | 00,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5FBBB694-C5BA-4A98-B637-1BB8E2BB85B1}.job
[2009/07/04 18:43:12 | 00,010,752 | ---- | M] () -- C:\Windows\DCEBoot.exe
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
< End of report >

OTL Extras logfile created on: 10/07/2009 9:52:17 AM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Users\robert\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.37% Memory free
4.00 Gb Paging File | 3.89 Gb Available in Paging File | 97.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.70 Gb Total Space | 90.37 Gb Free Space | 65.16% Space Free | Partition Type: NTFS
Drive D: | 10.35 Gb Total Space | 4.40 Gb Free Space | 42.56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBERT-PC
Current User Name: robert
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
Reg Error: Unknown registry data type File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20CCA435-1465-4567-885C-4A0AFCD0EB05}" = F2100_Help
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{81D831EA-7E70-4F41-AE00-A43D1AC55D9E}" = Sympatico / MSN Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}" = Safari
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DA15D535-5E1D-4076-B520-8571346D6238}" = Norton Security Scan
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6F90406-4726-4559-B6F7-3A96529CDD45}" = F2100
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Gateway Game Console" = Gateway Game Console
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 1.99.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT021682" = FATE
"WT021888" = Bejeweled 2 Deluxe
"WT021890" = Blackhawk Striker 2
"WT021892" = Blasterball 3
"WT021894" = Diner Dash - Flo on the Go
"WT021896" = Family Feud 2
"WT021900" = Penguins!
"WT021902" = Polar Bowler
"WT021904" = Polar Golfer
"WT022436" = Tradewinds

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/10/2008 6:26:58 AM | Computer Name = robert-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 20/10/2008 10:57:59 AM | Computer Name = robert-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/10/2008 3:17:14 PM | Computer Name = robert-PC | Source = Application Error | ID = 1000
Description = Faulting application WINWORD.EXE, version 12.0.6308.5000, time stamp
0x47e547c5, faulting module hpz3r4v2.dll, version 61.63.247.0, time stamp 0x45949947,
exception code 0xc0000005, fault offset 0x00045a98, process id 0x1254, application
start time 0x01c9353f7a47ad26.

Error - 14/11/2008 4:34:28 PM | Computer Name = robert-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18000, time stamp
0x47918f11, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000374, fault offset 0x000b015d, process id 0x1554, application
start time 0x01c94697fc1ec210.

Error - 17/11/2008 11:47:42 AM | Computer Name = robert-PC | Source = Application Error | ID = 1000
Description = Faulting application mcproxy.exe, version 1.2.138.0, time stamp 0x461e42ac,
faulting module mcadaptr.dll, version 8.2.137.0, time stamp 0x461c1acc, exception
code 0x40000015, fault offset 0x0000259f, process id 0x258, application start time
0x01c948cb6ba79c27.

Error - 22/11/2008 10:23:46 AM | Computer Name = robert-PC | Source = Application Error | ID = 1000
Description = Faulting application mcproxy.exe, version 1.2.138.0, time stamp 0x461e42ac,
faulting module mcadaptr.dll, version 8.2.137.0, time stamp 0x461c1acc, exception
code 0x40000015, fault offset 0x0000259f, process id 0x160, application start time
0x01c94cad961564d1.

Error - 25/11/2008 1:16:26 PM | Computer Name = robert-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 01/12/2008 5:07:41 PM | Computer Name = robert-PC | Source = Application Error | ID = 1000
Description = Faulting application distnoted.exe, version 8.0.441.3, time stamp
0x48daa603, faulting module CoreFoundation.dll, version 8.0.441.3, time stamp 0x48daa601,
exception code 0xc0000005, fault offset 0x00008335, process id 0x1638, application
start time 0x01c953da9af09333.

Error - 01/12/2008 5:08:28 PM | Computer Name = robert-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 01/12/2008 5:08:29 PM | Computer Name = robert-PC | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 28/11/2007 6:40:49 PM | Computer Name = robert-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 04/12/2007 8:46:46 PM | Computer Name = robert-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 07/12/2007 12:53:49 AM | Computer Name = robert-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 14/12/2007 8:49:18 PM | Computer Name = robert-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 16/04/2008 11:56:03 AM | Computer Name = robert-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 11/09/2008 3:39:22 PM | Computer Name = robert-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 29/10/2008 3:36:07 PM | Computer Name = robert-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 20/12/2008 4:29:28 PM | Computer Name = robert-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 07/04/2009 3:27:24 PM | Computer Name = robert-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 09/06/2009 2:00:40 PM | Computer Name = robert-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 08/07/2009 10:11:18 PM | Computer Name = robert-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 08/07/2009 10:15:59 PM | Computer Name = robert-PC | Source = DCOM | ID = 10005
Description =

Error - 08/07/2009 10:16:08 PM | Computer Name = robert-PC | Source = DCOM | ID = 10005
Description =

Error - 08/07/2009 10:16:09 PM | Computer Name = robert-PC | Source = DCOM | ID = 10005
Description =

Error - 10/07/2009 9:35:03 AM | Computer Name = robert-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/07/2009 9:35:03 AM | Computer Name = robert-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/07/2009 9:39:32 AM | Computer Name = robert-PC | Source = DCOM | ID = 10005
Description =

Error - 10/07/2009 9:39:41 AM | Computer Name = robert-PC | Source = DCOM | ID = 10005
Description =

Error - 10/07/2009 9:39:42 AM | Computer Name = robert-PC | Source = DCOM | ID = 10005
Description =

Error - 10/07/2009 9:39:47 AM | Computer Name = robert-PC | Source = DCOM | ID = 10005
Description =


< End of report >
  • 0

#2
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hello Cdn_Red

Welcome to GeeksToGo!

My name is chamber and I'll be helping you today.

As I am still in training, all of my posts have to be checked by an expert, so there may be some delay between replies.

Before we proceed to clean your computer from malware there are some points you should consider that will make the process go smoother.
  • Please have patience, logs take time to properly research so I will not be able to reply immediately.
  • Make sure that you are set to receive an email when I do reply to this topic, this will ensure that you don't miss any replies.
  • There are no silly questions so please just ask! Better safe than sorry.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, just ask!
  • Make sure you reply to this thread only, do not start new topics.

Please read my posts completely before following the instructions.
  • 0

#3
Cdn_Red

    Member

  • Topic Starter
  • Member
  • 37 posts
Thank you in advance for your help.

I am set up to receive emails when I get replies.

Thanks again.
  • 0

#4
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi Cdn_Red,

Sorry for the delay.

Let's get started then.

If you can transfer ComboFix from a clean computer and run it from the USB, then do that. I would also use safe mode without networking, because then you won't be as vulnerable by being online without any sort of antivirus etc. running.


1) OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [NapsterShell] File not found
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    [2009/07/04 18:43:05 | 00,010,752 | ---- | C] () -- C:\Windows\DCEBoot.exe
    [2009/06/29 10:34:41 | 00,000,228 | ---- | C] () -- C:\Windows\tasks\PersonalAV.job
    [2009/07/04 18:45:15 | 00,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5FBBB694-C5BA-4A98-B637-1BB8E2BB85B1}.job
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

2) ComboFix

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3


Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

In your reply I would like to see copied and pasted,

1) OTL fix log
2) ComboFix log

  • 0
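The entries chamber put in the OTL fix above share a few tells that a log reviewer looks for: a Run entry whose target reads "File not found", files created inside OTL's 30-day file age under C:\Windows with no company name, and a freshly created .job in C:\Windows\tasks (the later OTL scan in this thread adds a service with a missing binary, a2AntiMalware). As an added illustration, not part of this thread and not OTL's own code, the Python below parses those OTL line shapes from a constructed sample assembled from lines in this thread and applies those heuristics; the rule names and the scan time (taken from the fix log's 07152009_085537 timestamp) are assumptions of the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Tuple

# Constructed sample: OTL-format lines copied from the logs posted in this thread.
SAMPLE_LOG = """\
SRV - (a2AntiMalware [Auto | Stopped]) -- File not found
SRV - (Eventlog [Auto | Running]) -- C:\\Windows\\System32\\wevtsvc.dll (Microsoft Corporation)
DRV - (iaStor [Boot | Running]) -- C:\\Windows\\system32\\DRIVERS\\iaStor.sys (Intel Corporation)
O4 - HKLM..\\Run: [NapsterShell] File not found
[2009/07/04 18:43:05 | 00,010,752 | ---- | C] () -- C:\\Windows\\DCEBoot.exe
[2009/06/29 10:34:41 | 00,000,228 | ---- | C] () -- C:\\Windows\\tasks\\PersonalAV.job
[2009/06/15 09:46:36 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\\Program Files\\mozilla firefox\\components\\browserdirprovider.dll
"""

# Assumed scan time, taken from the OTL fix log timestamp in this thread (07152009_085537).
SCAN_TIME = datetime(2009, 7, 15, 8, 55, 37)

# The three OTL line shapes this example understands: services/drivers, O4 Run entries, file entries.
SERVICE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \((?P<name>.+?) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\) -- (?P<target>.*)$"
)
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\]"
    r" \((?P<company>[^)]*)\) -- (?P<path>.*)$"
)


@dataclass
class Finding:
    rule: str   # hypothetical rule name chosen for this example
    line: str   # the OTL line that fired it


def split_target(target: str) -> Tuple[str, str]:
    """Split 'C:\\dir\\x.exe (Vendor)' into (path, vendor); vendor is '' when OTL printed none."""
    if target.endswith(")") and " (" in target:
        path, _, vendor = target.rpartition(" (")
        return path, vendor[:-1]
    return target, ""


def triage(log_text: str, scan_time: datetime, max_age_days: int = 30) -> List[Finding]:
    """Apply the review heuristics to each OTL line; lines of other shapes are ignored."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            path, _vendor = split_target(m.group("target"))
            if path == "File not found":  # registered service whose binary is gone
                findings.append(Finding("orphaned-service", line))
            continue
        m = RUN_RE.match(line)
        if m:
            if m.group("target").startswith("File not found"):  # autorun with no file behind it
                findings.append(Finding("orphaned-autorun", line))
            continue
        m = FILE_RE.match(line)
        if m:
            age_days = (scan_time - datetime.strptime(m.group("stamp"), "%Y/%m/%d %H:%M:%S")).days
            low = m.group("path").lower()
            recent = age_days <= max_age_days
            no_vendor = m.group("company") == ""
            if recent and low.endswith(".job"):  # newly created scheduled task (C:\Windows\tasks)
                findings.append(Finding("recent-scheduled-task", line))
            elif recent and no_vendor and m.group("op") == "C" and low.startswith("c:\\windows\\"):
                findings.append(Finding("recent-system-file-no-vendor", line))
    return findings


def triage_sample() -> List[str]:
    """Rule names fired by the constructed sample, in log order."""
    return [f.rule for f in triage(SAMPLE_LOG, SCAN_TIME)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, SCAN_TIME):
        print(f"{f.rule:30} {f.line}")
```

The heuristics only shortlist entries for a human to research; a missing company name or a recent creation date is a reason to look, not proof of malware.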

#5
Cdn_Red

    Member

  • Topic Starter
  • Member
  • 37 posts
I am very sorry for the delay but I am now having (unrelated) Internet connectivity problems at home. I will need to try and download the programs tomorrow at my office.

Thank you again
  • 0

#6
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
No problem. Just post when ready. :)
  • 0

#7
Cdn_Red

    Member

  • Topic Starter
  • Member
  • 37 posts
Thanks for your help and patience. I was finally able to download ComboFix.

I ran OTL and pasted the log below (this magically fixed the "Bad Image" error messages I was getting). I can still only boot the computer in safe mode (it refuses to boot normally). I cannot disable the antivirus program in safe mode, nor can I remove the program. Combo Fix gives me a warning that running the program with my antivirus active will cause problems and may cause system damage so I did not proceed. It then gives me a "failed to initialize" error. If I could get the computer to boot normally, I would be able to disable it...

I don't know if it helps on its own but here is my OTL log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NapsterShell deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe not found.
C:\Windows\DCEBoot.exe moved successfully.
C:\Windows\tasks\PersonalAV.job moved successfully.
C:\Windows\tasks\User_Feed_Synchronization-{5FBBB694-C5BA-4A98-B637-1BB8E2BB85B1}.job moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: robert
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 103963 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38806658 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 5450000 bytes

Total Files Cleaned = 42.34 mb


OTL by OldTimer - Version 3.0.7.1 log created on 07152009_085537

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#8
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi Cdn_Red,

Let's see if we can do anything with this; it can be run in safe mode. After it runs, can you see if you can get into normal mode?

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Analysis" check box.
  • Click on "Execute selected scripts".
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box.
  • Click on "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both zip files to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#9
Cdn_Red

    Member

  • Topic Starter
  • Member
  • 37 posts
Thanks. I was able to download and run AVZ (zip files attached). Unfortunately I am still not able to boot in normal mode so I am still working in Safe Mode.

The zip files are attached.

Attached File  virusinfo_syscheck.zip   14.31KB   235 downloads
Attached File  virusinfo_syscure.zip   14.96KB   156 downloads
  • 0

#10
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi Cdn_Red

We're going to try and run ComboFix again, but in a slightly different way. If any warnings about antivirus come up, just continue on with running Combofix.

1) AVZ

  • Close all windows then double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox in the box in the program

    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    QuarantineFile('D:\autorun.inf','');
    QuarantineFile('C:\Windows\Installer\27532a5.msi','');
    QuarantineFile('C:\Program Files\Common Files\Windows Live\.cache\445b42801c9b202\fssclient_x86.msi','');
    BC_DeleteFile('C:\Program Files\Common Files\Windows Live\.cache\445b42801c9b202\fssclient_x86.msi');
    BC_DeleteFile('C:\Windows\Installer\27532a5.msi');
    BC_DeleteFile('D:\autorun.inf');
    BC_ImportDeletedList;
    BC_Activate;
    RebootWindows(true);
    end.

  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically, and post back with a new HijackThis log.

2) ComboFix

Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.
  • 0

#11
Cdn_Red

    Member

  • Topic Starter
  • Member
  • 37 posts
Hello,

I'm not sure I 100% understand. You wrote "Restart your PC if it doesn't do it automatically, and post back with a new HijackThis log." I ran AVZ with the custom script but it didn't produce a log. Do I need to run Hijack This again?

I ran ComboFix with your instructions (I needed to add the hyphen so it would find it, since I had renamed it on download per your instructions). When it rebooted my computer, it didn't load in normal mode and I had to restart in safe mode again, and it didn't produce a log. When it was running it gave me a few "Access denied, need administrator privileges" errors, though I am logged in through the administrator account.
  • 0

#12
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Sorry about that, it should have said OTL log. AVZ doesn't produce a log for you.

Can you check if there is a log at C:\Combofix.txt?
  • 0

#13
Cdn_Red

    Member

  • Topic Starter
  • Member
  • 37 posts
I did "Run Scan" in OTL; the log is below. There is no file at C:\Combofix.txt or C:\Combo-fix.txt. I ran it again and made sure to let it reboot right into safe mode instead of having to shut down and manually reboot.

Once the computer reboots, should I be running ComboFix again or is the log supposed to be created automatically after the program itself reboots the computer?

OTL log:

OTL logfile created on: 17/07/2009 8:04:28 PM - Run 2
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Users\robert\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.62% Memory free
4.00 Gb Paging File | 3.88 Gb Available in Paging File | 97.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.70 Gb Total Space | 90.35 Gb Free Space | 65.14% Space Free | Partition Type: NTFS
Drive D: | 10.35 Gb Total Space | 4.40 Gb Free Space | 42.54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBERT-PC
Current User Name: robert
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Users\robert\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (a2AntiMalware [Auto | Stopped]) -- File not found
SRV - (AgereModemAudio [Auto | Stopped]) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (Apple Mobile Device [Auto | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Auto | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (hpqcxs08 [On_Demand | Stopped]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Stopped]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IAANTMON [Auto | Stopped]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Net Driver HPZ12 [Auto | Stopped]) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (SeaPort [Auto | Stopped]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SfCtlCom [Auto | Stopped]) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (TMBMServer [On_Demand | Stopped]) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (TmPfw [Auto | Stopped]) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (tmproxy [On_Demand | Stopped]) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ac97intc.sys (Intel Corporation)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (bcm4sbxp [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (fssfltr [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw2v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw2v32.sys (Intel® Corporation)
DRV - (NETw4v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw4v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation)
DRV - (RTSTOR [On_Demand | Running]) -- C:\Windows\System32\drivers\RTSTOR.SYS (Realtek Semiconductor Corp.)
DRV - (secdrv [Auto | Stopped]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (STHDA [On_Demand | Stopped]) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tmactmon [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\tmactmon.sys (Trend Micro Inc.)
DRV - (tmcomm [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\tmcomm.sys (Trend Micro Inc.)
DRV - (tmevtmgr [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmlwf [System | Running]) -- C:\Windows\System32\DRIVERS\tmlwf.sys (Trend Micro Inc.)
DRV - (tmpreflt [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV - (tmtdi [System | Stopped]) -- C:\Windows\System32\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV - (tmwfp [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\tmwfp.sys (Trend Micro Inc.)
DRV - (tmxpflt [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (UVCFTR [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsapint [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\vsapint.sys (Trend Micro Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...B&M=T-6816H
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...B&M=T-6816H
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn...aspx?lang=en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://sympatico.msn...en-CA&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 F4 48 15 0A 00 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..keyword.URL: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 03:01:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/15 09:46:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/15 09:46:40 | 00,000,000 | ---D | M]

[2008/09/03 17:45:32 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Extensions
[2008/09/03 17:45:32 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/16 17:53:44 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\qg0bydd0.default\extensions
[2009/06/25 16:42:31 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\qg0bydd0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/08 00:34:35 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\qg0bydd0.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/03/31 09:27:07 | 00,001,632 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\FireFox\Profiles\qg0bydd0.default\searchplugins\live-search.xml
[2008/05/25 08:58:02 | 00,002,386 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\FireFox\Profiles\qg0bydd0.default\searchplugins\siteadvisor.xml
[2007/09/05 22:49:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/15 09:46:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/09/03 17:45:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/06/15 09:46:36 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/15 09:46:36 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/25 10:24:11 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2007/08/07 13:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/01/04 17:57:08 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/01/07 19:14:26 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/02/05 00:02:56 | 01,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2007/12/19 08:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/06/15 09:46:37 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 23:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/02 09:51:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/02 09:51:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/02 09:51:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/02 09:51:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/02 09:51:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/02 09:51:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/02 09:51:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/03/29 13:25:40 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/03/29 13:25:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/29 13:25:40 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/03/29 13:25:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/29 13:25:40 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/03/29 13:25:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/25 10:24:11 | 00,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png
[2008/07/25 10:24:11 | 00,000,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src
[2009/03/29 13:25:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/29 13:25:40 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe (BigFix Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Google Desktop Search] File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] File not found
O4 - HKLM..\RunOnce: [TSC] C:\Program Files\Trend Micro\Internet Security\tsc.exe (Trend Micro Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (MACHINE) - File not found
O34 - HKLM BootExecute: (BootExecut) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/17 14:48:54 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/07/17 14:48:53 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF11391.exe
[2009/07/17 14:14:03 | 00,219,648 | ---- | C] () -- C:\Windows\PEV.exe
[2009/07/17 14:14:03 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/07/17 14:14:03 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/07/17 14:14:03 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/07/17 14:14:03 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/07/17 14:14:03 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/07/17 14:14:03 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/07/17 14:14:03 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/07/17 14:13:52 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF4536.exe
[2009/07/16 17:47:09 | 00,000,000 | ---D | C] -- C:\Users\robert\Desktop\avz4
[2009/07/15 18:35:55 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF15873.exe
[2009/07/15 18:35:55 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swsc.exe
[2009/07/15 09:12:37 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/15 08:55:37 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/07/15 08:54:16 | 03,137,363 | R--- | C] () -- C:\Users\robert\Desktop\Combo-Fix.exe
[2009/07/15 08:51:10 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2009/07/10 22:00:19 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/10 22:00:13 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/10 22:00:12 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/10 22:00:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/10 22:00:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/10 09:48:57 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/10 09:48:19 | 00,000,733 | ---- | C] () -- C:\Users\robert\Desktop\NTREGOPT.lnk
[2009/07/10 09:48:19 | 00,000,714 | ---- | C] () -- C:\Users\robert\Desktop\ERUNT.lnk
[2009/07/10 09:48:19 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/08 22:18:59 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/07 23:30:42 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Anti-Malware
[2009/07/07 19:40:38 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
[2009/07/04 20:46:47 | 00,000,000 | ---D | C] -- C:\Program Files\Hijackthis
[2009/06/29 10:34:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Uninstall
[2008/01/04 17:58:50 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/01/04 17:57:22 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/01/04 17:57:22 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/01/04 17:56:24 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/01/02 17:57:36 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/10/22 18:54:34 | 00,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2007/09/16 23:27:16 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/06/04 08:53:17 | 00,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/06/04 08:53:17 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/06/04 08:48:56 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,359 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/07/17 20:01:59 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/17 14:48:29 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF11391.exe
[2009/07/17 14:13:30 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF4536.exe
[2009/07/15 18:35:32 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF15873.exe
[2009/07/15 09:18:42 | 00,001,356 | ---- | M] () -- C:\Users\robert\AppData\Local\d3d9caps.dat
[2009/07/15 08:54:42 | 03,137,363 | R--- | M] () -- C:\Users\robert\Desktop\Combo-Fix.exe
[2009/07/15 08:51:11 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\Windows\PEV.exe
[2009/07/10 22:00:19 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/10 09:48:19 | 00,000,733 | ---- | M] () -- C:\Users\robert\Desktop\NTREGOPT.lnk
[2009/07/10 09:48:19 | 00,000,714 | ---- | M] () -- C:\Users\robert\Desktop\ERUNT.lnk
[2009/07/08 17:13:16 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/08 17:13:16 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/08 12:32:20 | 00,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/08 12:32:20 | 00,601,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/08 12:32:20 | 00,105,502 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/04 23:23:32 | 00,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/07/04 18:45:23 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
< End of report >

#14
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi Cdn_Red,

Can you describe exactly what happens when you attempt to boot into normal mode?

Does it reboot - stall, or just fail to reach it?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - (a2AntiMalware [Auto | Stopped]) -- File not found
    O4 - HKLM..\RunOnce: [] File not found
    [2009/07/17 14:48:29 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF11391.exe
    [2009/07/17 14:13:30 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF4536.exe
    [2009/07/15 18:35:32 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF15873.exe
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Let's get rid of the version of ComboFix that you have.

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
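The OTL log posted above and the `:OTL` fix script in this reply use the same two line shapes: file entries of the form `[date | size | attrs | C/M] (Publisher) -- path` and autorun entries of the form `O4 - HKLM..\Run: [Name] target (Publisher)`. The following Python is an added example, not part of OTL, ComboFix or this thread. It parses both shapes, shortlists the entries a helper usually checks first (autorun entries whose target is "File not found", and executables under C:\Windows that carry no publisher string), and renders the shortlist in the `:OTL` fix-script layout used above. The sample lines are copied from the log; the triage rules, function names and the `SYSTEM_DIRS` list are my own assumptions, and a flagged entry is a review candidate, not a verdict.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple, Union

# Constructed sample: a subset of lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Google Desktop Search] File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] File not found
[2009/07/17 14:48:53 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF11391.exe
[2009/07/17 14:14:03 | 00,219,648 | ---- | C] () -- C:\Windows\PEV.exe
[2009/07/10 22:00:13 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/15 08:51:10 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
""".strip().splitlines()

# [YYYY/MM/DD HH:MM:SS | 00,318,976 | ---- | C] (Publisher) -- C:\path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<publisher>[^)]*)\) -- (?P<path>.+)$"
)
# O4 - HKLM..\Run: [Name] C:\path (Publisher)   or   ... [Name] File not found
AUTORUN_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<target>.+)$"
)
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<publisher>[^)]*)\)$")

# Assumed list of directories where a binary without a publisher string deserves a look.
SYSTEM_DIRS = ("c:\\windows\\",)
BINARY_EXTS = (".exe", ".dll", ".sys")


@dataclass
class FileEntry:
    timestamp: datetime
    size: int
    attrs: str
    publisher: str          # "" when OTL printed "()" (no company name in the file)
    path: str
    raw: str


@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str
    path: Optional[str]     # None when OTL reported "File not found"
    publisher: str
    raw: str


Entry = Union[FileEntry, AutorunEntry]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL line; returns None for lines of any other shape."""
    m = FILE_RE.match(line)
    if m:
        return FileEntry(
            timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            publisher=m["publisher"].strip(),
            path=m["path"],
            raw=line,
        )
    m = AUTORUN_RE.match(line)
    if m:
        target = m["target"]
        if target == "File not found":
            return AutorunEntry(m["hive"], m["key"], m["name"], None, "", line)
        t = TARGET_RE.match(target)
        if t:
            return AutorunEntry(m["hive"], m["key"], m["name"], t["path"], t["publisher"].strip(), line)
        return AutorunEntry(m["hive"], m["key"], m["name"], target, "", line)
    return None


def triage(entries: List[Entry]) -> List[Tuple[str, Entry]]:
    """Shortlist entries a reviewer looks at first (assumed rules, not verdicts)."""
    findings = []
    for e in entries:
        if isinstance(e, AutorunEntry) and e.path is None:
            findings.append(("orphaned autorun: target file missing", e))
        elif (isinstance(e, FileEntry) and not e.publisher
              and e.path.lower().startswith(SYSTEM_DIRS)
              and e.path.lower().endswith(BINARY_EXTS)):
            findings.append(("binary under Windows dir with no publisher string", e))
    return findings


def render_otl_fix(findings: List[Tuple[str, Entry]]) -> str:
    """Render the shortlist in the ':OTL' fix-script layout used in this thread."""
    lines = [":OTL"] + [e.raw for _, e in findings]
    lines += ["", ":Commands", "[emptytemp]"]
    return "\n".join(lines)


def analyse(lines: List[str]) -> Tuple[List[Entry], List[Tuple[str, Entry]]]:
    entries = [e for e in map(parse_line, lines) if e is not None]
    return entries, triage(entries)


if __name__ == "__main__":
    _, found = analyse(SAMPLE_LOG)
    for reason, entry in found:
        print(f"{reason}: {entry.raw}")
    print()
    print(render_otl_fix(found))
```

The rendered script is only a starting point for a human to prune: on this log it would also list the `Malwarebytes' Anti-Malware` RunOnce entry, which chamber chose to leave alone, so the output is a checklist for the person reviewing the log, not something to paste unread.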

#15
Cdn_Red

    Member

  • Topic Starter
  • Member
  • 37 posts
Hello,

When I attempt to boot into normal mode, the computer boots and Windows starts to load. I get to the point just before you would normally get the Windows "orb" and then the login screen would appear. Instead, I get a black screen with an arrow cursor that doesn't move. Then I must manually shut down the computer and reboot into safe mode.

I ran OTL using the script and the log is below.

When I attempt to uninstall ComboFix, it tells me the program has been uninstalled but it is actually still on the desktop. When I try to download ComboFix and rename it, it won't let me save it as Combo-Fix as the file already exists. I am unable to disable my antivirus; perhaps this is the problem?

My OTL log:

All processes killed
========== OTL ==========

Service\Driver a2AntiMalware deleted successfully.
File File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
C:\Windows\System32\CF11391.exe moved successfully.
C:\Windows\System32\CF4536.exe moved successfully.
C:\Windows\System32\CF15873.exe moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 83024 bytes
->Temporary Internet Files folder emptied: 4262682 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: robert
->Temp folder emptied: 15878362 bytes
->Temporary Internet Files folder emptied: 2302226 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 34640676 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 2916 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 54.52 mb


OTL by OldTimer - Version 3.0.7.1 log created on 07182009_120121