Can't run antivirus software. File ownership access changes


#1
putt74

I have had a tough time removing a virus on my laptop. Access privileges have been altered and I can't run any antivirus software or install new downloads correctly. Please help!
#2
putt74

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.
#3
putt74

OTL logfile created on: 9/1/2009 5:38:30 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 161.07 Mb Available Physical Memory | 32.00% Memory free
1.20 Gb Paging File | 0.91 Gb Available in Paging File | 76.25% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.93 Gb Total Space | 2.96 Gb Free Space | 8.74% Space Free | Partition Type: NTFS
Drive D: | 7.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP2
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2004/12/06 21:45:14 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe
PRC - [2004/12/06 21:45:12 | 00,872,556 | ---- | M] (Dell Inc) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2009/07/21 16:34:02 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2005/06/09 09:53:18 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
PRC - [2009/06/03 07:46:36 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME\TomTomHOMEService.exe
PRC - [2009/07/21 16:34:15 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2005/06/02 16:54:34 | 00,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/11/19 18:48:14 | 00,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
PRC - [2008/11/19 09:37:09 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/05/15 01:19:50 | 00,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2003/10/29 04:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2009/08/04 07:21:38 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/01 17:37:45 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL(2).exe

========== Win32 Services (SafeList) ==========

SRV - [2008/09/10 14:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/07/21 16:34:06 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Stopped])
SRV - [2009/07/21 16:34:02 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2005/06/02 16:54:34 | 00,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/05/15 09:38:04 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9d56acacb5946 [Auto | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/10/30 10:36:32 | 00,492,608 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2003/12/17 14:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/06/09 09:53:18 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2003/07/27 23:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/01/25 10:40:10 | 00,079,360 | ---- | M] (SolidWorks) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service [On_Demand | Stopped])
SRV - [2009/06/03 07:46:36 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME\TomTomHOMEService.exe -- (TomTomHOMEService [Auto | Running])
SRV - [2007/03/01 19:55:50 | 03,379,264 | ---- | M] () -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Stopped])
SRV - [2004/12/06 21:45:14 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 14 FD 89 CA 62 19 65 4C AC 10 1A 85 2C 89 F8 2A [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{2B617882-EFE4-43E2-85C2-015DF432A3C5}: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{2B617882-EFE4-43E2-85C2-015DF432A3C5}\ [2009/01/07 20:11:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/03/31 21:52:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/29 11:41:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 07:21:43 | 00,000,000 | ---D | M]

[2009/02/04 22:13:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\mozilla\Extensions
[2008/09/19 16:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/04 22:13:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\mozilla\Extensions\[email protected]
[2009/09/01 11:51:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\mozilla\Firefox\Profiles\cob6r1qk.default\extensions
[2008/09/19 16:37:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 07:21:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/04 07:21:37 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 07:21:37 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/04 07:21:40 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/07/14 09:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/11/19 09:37:26 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/11/19 09:37:40 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/11/19 09:37:18 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/11/21 22:04:16 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/11/21 22:04:16 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/13 12:52:14 | 00,001,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2008/11/21 22:04:16 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/21 22:04:16 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/11/21 22:04:16 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/11/21 22:04:16 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (716 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {6671f34a-9d8f-40dd-a4ac-b5d5c2af4ec7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Dell Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc)
O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 80 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.micros.../i386/msaud.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,23/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mapinfo.webe...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\cru629.dat) - C:\WINDOWS\System32\cru629.dat File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\vihokaso.dll) - C:\WINDOWS\System32\vihokaso.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\drivers\smss.exe) - C:\WINDOWS\System32\drivers\smss.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SPAS\SASWINLO.dll - C:\Program Files\SPAS\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\awtuutq: DllName - awtuutq.dll - File not found
O20 - Winlogon\Notify\nnnlkjh: DllName - nnnlkjh.dll - File not found
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNTF.dll (Webroot Software, Inc.)
O20 - Winlogon\Notify\yayvssp: DllName - yayvssp.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SPAS\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c53fc037-ff4e-11dc-98fe-0014a53dfb33}\Shell - "" = AutoRun
O33 - MountPoints2\{c53fc037-ff4e-11dc-98fe-0014a53dfb33}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c53fc037-ff4e-11dc-98fe-0014a53dfb33}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ef59c5a8-df7a-11dd-9a8a-001422c2f5a0}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

NetSvcs: msncache - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/09/01 17:37:45 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL(2).exe
[2009/09/01 17:31:54 | 00,514,048 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2009/09/01 17:29:07 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Michael\Desktop\SysRestorePoint.exe
[2009/09/01 17:14:17 | 52,789,2480 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/01 16:42:24 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/09/01 16:09:37 | 00,000,000 | ---D | C] -- C:\Program Files\HJT
[2009/09/01 16:05:07 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/01 14:09:16 | 00,001,992 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Document.rtf
[2009/09/01 14:07:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\sdc
[2009/09/01 14:06:46 | 01,882,786 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\SDFix.zip
[2009/09/01 13:48:18 | 00,000,000 | ---D | C] -- C:\Program Files\MB
[2009/09/01 12:24:58 | 00,000,692 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/09/01 12:24:54 | 00,000,000 | ---D | C] -- C:\Program Files\SPAS
[2009/09/01 12:11:56 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/08/30 16:37:26 | 00,134,062 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\photo(12).jpg
[2009/08/30 16:37:24 | 00,134,062 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\photo(11).jpg
[2009/08/30 12:57:21 | 00,161,317 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\photo(10).jpg
[2009/08/30 12:57:05 | 00,161,317 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\photo(9).jpg
[2009/08/30 12:57:03 | 00,161,317 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\photo(8).jpg
[2009/08/30 12:56:42 | 00,163,842 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\photo(7).jpg
[2009/08/30 12:56:38 | 00,163,842 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\photo(6).jpg
[2009/08/30 12:56:27 | 00,163,842 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\photo(5).jpg
[2009/08/30 12:56:26 | 00,163,842 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\photo(4).jpg
[2009/08/30 12:56:14 | 00,163,842 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\photo(3).jpg
[2009/08/30 12:56:04 | 00,163,842 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\photo(2).jpg
[2009/08/30 12:56:02 | 00,163,842 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\photo.jpg
[2009/08/29 14:57:24 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Super Antispyware Important Notes.doc
[2009/08/29 14:44:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/08/29 14:43:55 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/29 14:43:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\SUPERAntiSpyware.com
[2009/08/29 14:43:23 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/29 14:40:50 | 06,881,824 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\sass.exe
[2009/08/29 14:25:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/08/29 14:13:31 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael\Desktop\mb.exe
[2009/08/29 05:19:33 | 00,006,489 | -HS- | C] () -- C:\WINDOWS\System32\gayusomi.dll
[2009/08/23 14:15:57 | 00,052,520 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\SpiritStandards2-09.pdf
[2009/08/22 15:57:49 | 00,017,466 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\gyxo.vbs
[2009/08/22 15:57:49 | 00,012,548 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\yxuqybev.inf
[2009/08/22 15:57:49 | 00,011,410 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\ofibeme._sy
[2009/08/22 15:57:49 | 00,010,813 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sorewygin.db
[2009/08/22 15:57:48 | 00,018,122 | ---- | C] () -- C:\WINDOWS\System32\igihomic.com
[2009/08/22 15:57:48 | 00,017,841 | ---- | C] () -- C:\WINDOWS\ytohowovyq.dl
[2009/08/22 15:57:48 | 00,017,246 | ---- | C] () -- C:\WINDOWS\System32\lujiligi.ban
[2009/08/22 15:57:48 | 00,017,118 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\uzuxobyzec._dl
[2009/08/22 15:57:48 | 00,016,720 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\hybih.vbs
[2009/08/22 15:57:48 | 00,016,556 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wyvyneqoh.scr
[2009/08/22 15:57:48 | 00,016,514 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\ozujyrihu.com
[2009/08/22 15:57:48 | 00,016,134 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bomumyd.pif
[2009/08/22 15:57:48 | 00,016,051 | ---- | C] () -- C:\Program Files\Common Files\vodoxopac.vbs
[2009/08/22 15:57:48 | 00,015,022 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\eryzaxu.bat
[2009/08/22 15:57:48 | 00,014,277 | ---- | C] () -- C:\WINDOWS\aden.bat
[2009/08/22 15:57:48 | 00,013,678 | ---- | C] () -- C:\WINDOWS\uhalot.vbs
[2009/08/22 15:57:48 | 00,013,646 | ---- | C] () -- C:\WINDOWS\System32\urobozesyb._sy
[2009/08/22 15:57:48 | 00,012,324 | ---- | C] () -- C:\WINDOWS\ditomudov.pif
[2009/08/22 15:57:48 | 00,011,995 | ---- | C] () -- C:\Program Files\Common Files\asufe.reg
[2009/08/22 15:57:48 | 00,011,604 | ---- | C] () -- C:\WINDOWS\nynoseco.sys
[2009/08/22 15:57:48 | 00,011,275 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\orez.bin
[2009/08/22 15:57:48 | 00,010,486 | ---- | C] () -- C:\WINDOWS\lydabagina.lib
[2009/08/22 15:47:23 | 00,191,090 | ---- | C] () -- C:\WINDOWS\System32\wisdstr.exe
[2009/08/21 14:38:23 | 00,002,424 | -H-- | C] () -- C:\Documents and Settings\Michael\Desktop\ZbThumbnail.info

========== Files - Modified Within 14 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Michael\My Documents\*.tmp files]
[2009/09/01 17:37:45 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL(2).exe
[2009/09/01 17:31:55 | 00,514,048 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2009/09/01 17:29:07 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Michael\Desktop\SysRestorePoint.exe
[2009/09/01 17:26:11 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/01 17:18:17 | 00,000,974 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/01 17:18:17 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/01 17:18:17 | 00,000,211 | -H-- | M] () -- C:\boot.ini
[2009/09/01 17:16:19 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/01 17:14:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/01 17:14:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/01 17:14:17 | 52,789,2480 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/01 14:09:17 | 00,001,992 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Document.rtf
[2009/09/01 14:06:47 | 01,882,786 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\SDFix.zip
[2009/09/01 13:47:07 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/01 13:36:46 | 62,778,6752 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2009/09/01 12:24:58 | 00,000,692 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/30 16:37:27 | 00,134,062 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\photo(12).jpg
[2009/08/30 16:37:26 | 00,134,062 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\photo(11).jpg
[2009/08/30 12:57:22 | 00,161,317 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\photo(10).jpg
[2009/08/30 12:57:06 | 00,161,317 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\photo(9).jpg
[2009/08/30 12:57:03 | 00,161,317 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\photo(8).jpg
[2009/08/30 12:56:42 | 00,163,842 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\photo(7).jpg
[2009/08/30 12:56:38 | 00,163,842 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\photo(6).jpg
[2009/08/30 12:56:28 | 00,163,842 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\photo(5).jpg
[2009/08/30 12:56:26 | 00,163,842 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\photo(4).jpg
[2009/08/30 12:56:15 | 00,163,842 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\photo(3).jpg
[2009/08/30 12:56:05 | 00,163,842 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\photo(2).jpg
[2009/08/30 12:56:04 | 00,163,842 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\photo.jpg
[2009/08/29 17:09:08 | 03,184,656 | -H-- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\IconCache.db
[2009/08/29 15:29:04 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\luyosoge
[2009/08/29 14:57:25 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Super Antispyware Important Notes.doc
[2009/08/29 14:40:57 | 06,881,824 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\sass.exe
[2009/08/29 14:14:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/29 14:13:42 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Michael\Desktop\mb.exe
[2009/08/29 05:19:33 | 00,006,489 | -HS- | M] () -- C:\WINDOWS\System32\gayusomi.dll
[2009/08/29 05:19:10 | 00,829,476 | -HS- | M] () -- C:\WINDOWS\System32\disuhayu.exe
[2009/08/28 17:19:04 | 00,829,476 | -HS- | M] () -- C:\WINDOWS\System32\gigivada.exe
[2009/08/28 17:11:50 | 00,191,090 | ---- | M] () -- C:\WINDOWS\System32\wisdstr.exe
[2009/08/28 16:07:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/23 14:18:14 | 00,052,520 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\SpiritStandards2-09.pdf
[2009/08/22 15:57:49 | 00,017,466 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\gyxo.vbs
[2009/08/22 15:57:49 | 00,012,548 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\yxuqybev.inf
[2009/08/22 15:57:49 | 00,011,410 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\ofibeme._sy
[2009/08/22 15:57:49 | 00,010,813 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sorewygin.db
[2009/08/22 15:57:48 | 00,018,122 | ---- | M] () -- C:\WINDOWS\System32\igihomic.com
[2009/08/22 15:57:48 | 00,017,841 | ---- | M] () -- C:\WINDOWS\ytohowovyq.dl
[2009/08/22 15:57:48 | 00,017,246 | ---- | M] () -- C:\WINDOWS\System32\lujiligi.ban
[2009/08/22 15:57:48 | 00,017,118 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\uzuxobyzec._dl
[2009/08/22 15:57:48 | 00,016,720 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\hybih.vbs
[2009/08/22 15:57:48 | 00,016,556 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\wyvyneqoh.scr
[2009/08/22 15:57:48 | 00,016,514 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\ozujyrihu.com
[2009/08/22 15:57:48 | 00,016,134 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bomumyd.pif
[2009/08/22 15:57:48 | 00,016,051 | ---- | M] () -- C:\Program Files\Common Files\vodoxopac.vbs
[2009/08/22 15:57:48 | 00,015,022 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\eryzaxu.bat
[2009/08/22 15:57:48 | 00,014,277 | ---- | M] () -- C:\WINDOWS\aden.bat
[2009/08/22 15:57:48 | 00,013,678 | ---- | M] () -- C:\WINDOWS\uhalot.vbs
[2009/08/22 15:57:48 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\urobozesyb._sy
[2009/08/22 15:57:48 | 00,012,324 | ---- | M] () -- C:\WINDOWS\ditomudov.pif
[2009/08/22 15:57:48 | 00,011,995 | ---- | M] () -- C:\Program Files\Common Files\asufe.reg
[2009/08/22 15:57:48 | 00,011,604 | ---- | M] () -- C:\WINDOWS\nynoseco.sys
[2009/08/22 15:57:48 | 00,011,275 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\orez.bin
[2009/08/22 15:57:48 | 00,010,486 | ---- | M] () -- C:\WINDOWS\lydabagina.lib
[2009/08/21 14:39:21 | 00,118,272 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/21 14:38:24 | 00,002,424 | -H-- | M] () -- C:\Documents and Settings\Michael\Desktop\ZbThumbnail.info
[2009/08/21 14:38:07 | 00,002,455 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\ZoomBrowser.lnk

========== LOP Check ==========

[2009/08/29 14:44:28 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/06/30 13:51:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\10522964
[2009/06/13 12:59:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\90532956
[2008/01/25 11:41:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2008/11/25 11:25:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/04/30 15:24:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBoingo
[2005/11/23 22:47:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2007/02/26 12:54:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MapInfo
[2008/12/23 14:39:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2004/08/10 14:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2005/12/19 09:46:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2007/03/18 09:54:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/04 22:19:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/08/29 15:58:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/07/30 16:58:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/08/29 14:43:55 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Michael\Application Data
[2009/08/22 15:47:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Azureus
[2008/08/16 16:46:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\BitTorrent
[2006/01/18 15:55:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\CyberLink
[2008/01/25 11:41:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DassaultSystemes
[2008/08/31 09:34:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DNA
[2006/04/18 22:08:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\g0lph3r
[2005/12/05 17:08:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Leadertech
[2008/05/19 08:26:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\LinkedIn
[2007/02/26 14:02:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\MapInfo
[2009/09/01 12:00:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Move Networks
[2008/09/22 09:35:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Snapfish
[2009/02/04 22:13:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\TomTom
[2008/03/31 16:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\U3
[2007/08/11 15:10:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Viewpoint
[2009/08/09 18:28:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\W Photo Studio Viewer
[2006/04/30 18:08:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Walgreens
[2009/01/27 16:28:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\webex
[2009/08/28 16:07:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/01 17:26:11 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/09/01 13:47:07 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2005/12/05 12:51:02 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2009/09/01 17:14:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

[2007/11/02 16:30:35 | 00,000,000 | ---D | M] -- C:\WINDOWS\AрpPatch
[2009/08/28 17:13:51 | 00,000,000 | ---D | M] -- C:\WINDOWS\AрpPatch\AрpPatch


========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/13 19:11:53 | 00,063,488 | ---- | M] () -- C:\WINDOWS\system32\eventlog.dll
[2 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\system32\scecli.dll >
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[2 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logevent.dll
[2 C:\WINDOWS\system32\*.tmp files]

========== Alternate Data Streams ==========

@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

========== Files - Unicode (All) ==========
[2007/05/13 10:59:56 | 00,000,000 | ---D | C](C:\WINDOWS\A?pPatch) -- C:\WINDOWS\AрpPatch
[2007/05/13 11:00:24 | 00,000,000 | ---D | C](C:\Documents and Settings\Michael\My Documents\S?mantec) -- C:\Documents and Settings\Michael\My Documents\Sуmantec
[2007/05/13 20:12:00 | 00,000,000 | ---D | M](C:\Documents and Settings\Michael\My Documents\S?mantec) -- C:\Documents and Settings\Michael\My Documents\Sуmantec
[2007/11/02 16:30:35 | 00,000,000 | ---D | M](C:\WINDOWS\A?pPatch) -- C:\WINDOWS\AрpPatch
< End of report >

#4
putt74
OTL Extras logfile created on: 9/1/2009 5:38:30 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.37 Mb Total Physical Memory | 161.07 Mb Available Physical Memory | 32.00% Memory free
1.20 Gb Paging File | 0.91 Gb Available in Paging File | 76.25% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.93 Gb Total Space | 2.96 Gb Free Space | 8.74% Space Free | Partition Type: NTFS
Drive D: | 7.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP2
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1F40F8F1-B4BC-4A5B-B1A6-363FBDD30F0C}" = eDrawings 2008
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{247A11CA-F5CE-4DD6-85E2-64850E64E064}" = USB2.0 Card Reader
"{2A0D7FD5-7355-4CD0-89B8-F7B666CF9243}" = AnySite 8.8 US Client
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35343FF7-939B-401A-87B3-FF90A5123D88}" = Microsoft XML Parser and SDK
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5D38959D-2B4D-8AB0-FD1B-27C324E78DB0}" = RichFLV
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{664F96E2-7CE3-48E2-A7D9-55E002EEFB31}" = Boingo Wi-Fi
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{71459C60-8F4A-4587-884A-D1CE73E01B07}" = MapInfo Professional 7.5
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{8028F4BB-5649-4FFC-8BCD-CA7BFD954FDC}" = AnySite 8.8 US
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B147DC1B-49B3-4368-8A01-5AD9992CD58D}" = MovieEdit Task
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B5AD48-8D34-41D3-BD8A-8A10BD9BDED3}_is1" = Spy Sweeper
"{B535B621-5559-11DE-A7A1-005056806466}" = Google Earth Plugin
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}" = Microsoft Streets & Trips 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Wizard 3.1
"{ECA9A56F-9EE5-4C88-AA15-827606B3E511}" = TargetPro 4.6
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AVG8Uninstall" = AVG Free 8.5
"Azureus" = Azureus
"Belkin Mouse Belkin Mouse" = Belkin Mouse 1.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP WMA V9.1 Codec" = dBpowerAMP WMA V9.1 Codec
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD Knife_is1" = DVD Knife 3.0
"DVD Shrink_is1" = DVD Shrink 3.2
"ExpressBurn" = Express Burn
"FLAC" = FLAC Installer 1.1.2a (remove only)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{B147DC1B-49B3-4368-8A01-5AD9992CD58D}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Wizard 3.1
"InstallShield_{ECA9A56F-9EE5-4C88-AA15-827606B3E511}" = TargetPro 4.6
"LimeWire" = LimeWire PRO 4.9.37
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MDI (Microsoft Office Document Image) Viewer_is1" = MDI viewer 0.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars.net" = PokerStars.net
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"Skyhook Wireless Wi-Fi Service" = Skyhook Wireless Wi-Fi Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.6.4.1641
"Winamp" = Winamp
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/29/2009 6:07:56 PM | Computer Name = LAPTOP2 | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: -2147483576. This error code indicates the cause of the error.

Error - 8/29/2009 11:07:45 PM | Computer Name = LAPTOP2 | Source = MsiInstaller | ID = 11321
Description = Product: SUPERAntiSpyware Free Edition -- Error 1321. Windows Installer
has insufficient privileges to modify this file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.

Error - 9/1/2009 12:58:14 PM | Computer Name = LAPTOP2 | Source = MsiInstaller | ID = 11321
Description = Product: SUPERAntiSpyware Free Edition -- Error 1321. Windows Installer
has insufficient privileges to modify this file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.

Error - 9/1/2009 12:59:08 PM | Computer Name = LAPTOP2 | Source = MsiInstaller | ID = 11321
Description = Product: SUPERAntiSpyware Free Edition -- Error 1321. Windows Installer
has insufficient privileges to modify this file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.

Error - 9/1/2009 12:59:10 PM | Computer Name = LAPTOP2 | Source = MsiInstaller | ID = 11321
Description = Product: SUPERAntiSpyware Free Edition -- Error 1321. Windows Installer
has insufficient privileges to modify this file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.

Error - 9/1/2009 1:14:11 PM | Computer Name = LAPTOP2 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/1/2009 1:21:10 PM | Computer Name = LAPTOP2 | Source = MsiInstaller | ID = 11321
Description = Product: SUPERAntiSpyware Free Edition -- Error 1321. Windows Installer
has insufficient privileges to modify this file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.

Error - 9/1/2009 1:47:14 PM | Computer Name = LAPTOP2 | Source = Google Update | ID = 20
Description =

Error - 9/1/2009 2:47:06 PM | Computer Name = LAPTOP2 | Source = Google Update | ID = 20
Description =

Error - 9/1/2009 5:56:43 PM | Computer Name = LAPTOP2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 9/1/2009 5:44:23 PM | Computer Name = LAPTOP2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 Beep Fips IntelIde intelppm SASDIFSV SASKUTIL

Error - 9/1/2009 5:56:02 PM | Computer Name = LAPTOP2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/1/2009 6:00:47 PM | Computer Name = LAPTOP2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/1/2009 6:13:30 PM | Computer Name = LAPTOP2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/1/2009 6:15:07 PM | Computer Name = LAPTOP2 | Source = Service Control Manager | ID = 7023
Description = The 6to4 service terminated with the following error: %%2

Error - 9/1/2009 6:15:07 PM | Computer Name = LAPTOP2 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 9/1/2009 6:15:07 PM | Computer Name = LAPTOP2 | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 9/1/2009 6:15:07 PM | Computer Name = LAPTOP2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep IntelIde SASKUTIL

Error - 9/1/2009 6:16:16 PM | Computer Name = LAPTOP2 | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 9/1/2009 6:16:16 PM | Computer Name = LAPTOP2 | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2


< End of report >

#5
putt74
ComboFix 09-09-01.04 - Michael 09/01/2009 19:59.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.279 [GMT -5:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\90532956.ini
c:\documents and settings\All Users\Application Data\bomumyd.pif
c:\documents and settings\All Users\Application Data\orez.bin
c:\documents and settings\All Users\Application Data\wyvyneqoh.scr
c:\documents and settings\All Users\Documents\gyxo.vbs
c:\documents and settings\All Users\Documents\hybih.vbs
c:\documents and settings\Michael\Application Data\ozujyrihu.com
c:\documents and settings\Michael\Local Settings\Application Data\eryzaxu.bat
c:\documents and settings\Michael\Local Settings\Application Data\uzuxobyzec._dl
c:\documents and settings\Michael\Local Settings\Application Data\yxuqybev.inf
c:\documents and settings\Michael\My Documents\ZbThumbnail.info
c:\program files\Common Files\asufe.reg
c:\program files\Common Files\vodoxopac.vbs
c:\program files\kernel
c:\recycler\S-1-5-21-8720109977-7513132754-658461807-1177
c:\windows\aden.bat
c:\windows\appatc~1
c:\windows\ditomudov.pif
c:\windows\dll
c:\windows\Fonts\Ttmios__.ttf
c:\windows\Fonts\TTMIWE__.TTF
c:\windows\Fonts\ZWAdobeF.TTF
c:\windows\Install.txt
c:\windows\Installer\429ddd1.msp
c:\windows\Installer\438ea1c.msp
c:\windows\irc.txt
c:\windows\nynoseco.sys
c:\windows\system32\3361
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{2B617882-EFE4-43E2-85C2-015DF432A3C5}
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{2B617882-EFE4-43E2-85C2-015DF432A3C5}\chrome.manifest
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{2B617882-EFE4-43E2-85C2-015DF432A3C5}\chrome\content\_cfg.js
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{2B617882-EFE4-43E2-85C2-015DF432A3C5}\chrome\content\c.js
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{2B617882-EFE4-43E2-85C2-015DF432A3C5}\chrome\content\overlay.xul
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{2B617882-EFE4-43E2-85C2-015DF432A3C5}\install.rdf
c:\windows\system32\disuhayu.exe
c:\windows\system32\gayusomi.dll
c:\windows\system32\gigivada.exe
c:\windows\system32\lujiligi.ban
c:\windows\system32\pstwa.bak1
c:\windows\system32\pstwa.tmp
c:\windows\system32\wisdstr.exe
c:\windows\uhalot.vbs
c:\windows\ytohowovyq.dl

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6to4
-------\Legacy_dhcpsrv
-------\Legacy_isadisk
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2009-08-02 to 2009-09-02 )))))))))))))))))))))))))))))))
.

2009-09-02 01:04 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-09-01 21:09 . 2009-09-01 21:09 -------- d-----w- c:\program files\HJT
2009-09-01 21:05 . 2009-09-01 21:05 -------- d-----w- c:\program files\Trend Micro
2009-09-01 18:48 . 2009-09-01 18:48 -------- d-----w- c:\program files\MB
2009-09-01 17:25 . 2009-09-01 17:25 65024 ----a-r- c:\documents and settings\Michael\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-09-01 17:25 . 2009-09-01 17:25 18944 ----a-r- c:\documents and settings\Michael\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-09-01 17:24 . 2009-09-01 17:24 -------- d-----w- c:\program files\SPAS
2009-09-01 17:11 . 2009-09-02 00:59 -------- d--h--w- c:\windows\PIF
2009-08-29 19:44 . 2009-09-01 17:27 117760 ----a-w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-29 19:44 . 2009-08-29 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-29 19:43 . 2009-09-01 17:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-29 19:43 . 2009-08-29 19:43 -------- d-----w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com
2009-08-22 20:57 . 2009-08-22 20:57 18122 ----a-w- c:\windows\system32\igihomic.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 22:00 . 2006-03-29 03:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-01 22:00 . 2006-03-29 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-01 17:17 . 2009-06-14 23:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-01 17:00 . 2009-03-19 23:18 -------- d-----w- c:\documents and settings\Michael\Application Data\Move Networks
2009-09-01 16:58 . 2009-01-11 21:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-30 05:06 . 2007-09-09 08:19 -------- d-----w- c:\program files\PokerStars.NET
2009-08-29 20:58 . 2005-11-24 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-22 20:47 . 2006-07-06 16:29 -------- d-----w- c:\documents and settings\Michael\Application Data\Azureus
2009-08-21 20:46 . 2005-12-05 17:56 -------- d-----w- c:\documents and settings\Michael\Application Data\AdobeUM
2009-08-09 23:28 . 2008-10-24 17:40 -------- d-----w- c:\documents and settings\Michael\Application Data\W Photo Studio Viewer
2009-08-03 18:36 . 2009-06-14 23:23 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-06-14 23:23 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-30 01:32 . 2006-02-27 15:40 83312 ----a-w- c:\documents and settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-21 21:23 . 2009-07-21 21:23 -------- d-----w- c:\documents and settings\Michael\Application Data\AVG8
2007-08-29 01:55 . 2007-05-13 16:00 246 ----a-w- c:\program files\Common Files\tefa
2007-07-01 19:30 . 2007-07-01 19:30 129 ----a-w- c:\program files\Shortcut to IMS Database on 'IMST Server (Imst_svr)' (Z).lnk
.

------- Sigcheck -------

[7] 2004-08-04 11:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys

c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-12-09 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-19 185872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-5 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-23 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SPAS\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SPAS\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"{82-26-6F-F5-ZN}"="c:\windows\system32\dwdsrngt.exe" CHD003
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SPAS\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME\TomTomHOMEService.exe [6/3/2009 7:46 AM 92008]
S1 b1db930f;b1db930f;c:\windows\system32\drivers\b1db930f.sys --> c:\windows\system32\drivers\b1db930f.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate1c9d56acacb5946;Google Update Service (gupdate1c9d56acacb5946);c:\program files\Google\Update\GoogleUpdate.exe [5/15/2009 9:38 AM 133104]
S3 SASENUM;SASENUM;c:\program files\SPAS\SASENUM.SYS [8/5/2009 4:06 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 23:13]

2009-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-15 14:38]

2009-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-15 14:38]

2005-12-05 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6671f34a-9d8f-40dd-a4ac-b5d5c2af4ec7} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-awtuutq - awtuutq.dll
Notify-nnnlkjh - nnnlkjh.dll
Notify-yayvssp - yayvssp.dll
SafeBoot-acup.sys
SafeBoot-wanatw4.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\cob6r1qk.default\
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 20:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\SPAS\SASWINLO.dll
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'explorer.exe'(3656)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WLTRAY.EXE
c:\windows\system32\sndvol32.exe
.
**************************************************************************
.
Completion time: 2009-09-02 20:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-02 01:13

Pre-Run: 3,302,301,696 bytes free
Post-Run: 3,208,953,856 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

238 --- E O F --- 2009-06-10 08:04
  • 0
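The line in that log a helper would act on first is `uInternet Settings,ProxyServer = http=localhost:7171`: Internet Explorer is sending every HTTP request, antivirus updates and installer downloads included, through something listening on port 7171 on the laptop itself, which fits the symptoms in the first post. Below is an added triage script, not the poster's code and not part of ComboFix, that pulls the actionable lines out of a pasted log of this shape: a proxy pointing at the local machine, the files ComboFix reported missing or disinfected, the keys it could not open (`@DACL` lines), and file names with the generated consonant/vowel pattern the droppers in this log share. The regexes, the function names and the `looks_generated` heuristic are my assumptions about the log layout as it appears in the post, and the embedded sample is a constructed excerpt of lines from it.

```python
"""Triage helper for a pasted ComboFix-style log (added example; not the
poster's code and not part of ComboFix). It pulls out the findings a helper
would act on first: an IE proxy pointing at the local machine, system files
ComboFix reported missing or disinfected, registry keys it could not open,
and file names with the generated look of the droppers in this log.
The regexes are assumptions based on the log layout in the post."""
import re

# Constructed excerpt: lines copied from the log above so this runs offline.
SAMPLE_LOG = r"""
c:\windows\nynoseco.sys
c:\windows\system32\disuhayu.exe
c:\windows\system32\gayusomi.dll
c:\windows\system32\gigivada.exe
c:\windows\system32\lujiligi.ban

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
2009-08-22 20:57 . 2009-08-22 20:57 18122 ----a-w- c:\windows\system32\igihomic.com
c:\windows\system32\drivers\beep.sys ... is missing !!
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
VOWELS = set("aeiou")
PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(\S+)")
MISSING_RE = re.compile(r"^(\S+?) (?:was missing|\.\.\. is missing !!)\s*$", re.M)
DISINFECTED_RE = re.compile(r"^Infected copy of (\S+) was found and disinfected", re.M)
# Lower-case file names sitting directly under c:\windows or c:\windows\system32.
PATH_RE = re.compile(r"c:\\windows(?:\\system32)?\\([a-z]+)\.[a-z0-9]{1,4}\b")


def parse_proxy(log):
    """(protocol, host, port) triples from IE's ProxyServer value, which is
    either 'host:port' for every protocol or ';'-separated 'proto=host:port'."""
    m = PROXY_RE.search(log)
    if not m:
        return []
    triples = []
    for entry in m.group(1).split(";"):
        proto, _, hostport = entry.rpartition("=")
        host, _, port = hostport.rpartition(":") if ":" in hostport else (hostport, "", "")
        triples.append((proto or "*", host, int(port) if port.isdigit() else 0))
    return triples


def loopback_proxies(log):
    """Proxies that point back at this machine: every IE request, including
    AV updates and installer downloads, goes through whatever listens there."""
    return [t for t in parse_proxy(log) if t[1].lower() in LOOPBACK]


def looks_generated(stem):
    """Heuristic (assumption): 6+ letters, strictly alternating consonant/vowel,
    'y' accepted as either. Hits are candidates to look up, not verdicts."""
    if len(stem) < 6 or not stem.isalpha():
        return False

    def fits(want_vowel):
        for ch in stem:
            if ch != "y" and (ch in VOWELS) != want_vowel:
                return False
            want_vowel = not want_vowel
        return True

    return fits(True) or fits(False)


def locked_keys(log):
    """Keys ComboFix printed with an @DACL line, i.e. could not open with normal
    rights. Compare against what is normal for the OS before acting on them."""
    found, current = [], None
    for line in log.splitlines():
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif line.startswith("@DACL=") and current:
            found.append(current)
            current = None
    return found


def triage(log):
    """One pass over the log, returning the findings grouped by kind."""
    stems = list(dict.fromkeys(PATH_RE.findall(log)))
    return {
        "loopback_proxies": loopback_proxies(log),
        "missing": MISSING_RE.findall(log),
        "disinfected": DISINFECTED_RE.findall(log),
        "locked_keys": locked_keys(log),
        "generated_names": [s for s in stems if looks_generated(s)],
    }


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(f"{kind}: {items}")
```

Run it against the full pasted log rather than the excerpt to get the complete picture; the name heuristic flags the dropper names in this thread (disuhayu, gayusomi, igihomic and the rest) while leaving eventlog and proquota alone, but it is only a filter for what to look up, and the three `OptionalComponents` keys it lists as locked should be judged against what is normal on XP before anyone touches them.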





