Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My Desktop is gone


  • Please log in to reply

#16
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Hi,
Sorry but, as I mention before if I log in in Normal Mode the only thing that shows in my desktop is the reclycle bin and the message mention before come up. When I press Ctrl/Alt/Del and activate Task control Mgr. an Icon appears at the bottom right of the screen but it does not activate either by double or right clicking, Would you like me to try to do that in safe mode?
  • 0

Advertisements


#17
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
In normal mode, what happens when you press the windows key and R?
  • 0

#18
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
The RUN prompt came up. I can browse and bring any program or file to the Open command. When I press Ok. A "Windows cannot access the specified device, Path, or file. You may not have the appropiate permission." message came up. You also specified that Combo Fix needs to be on the Desktop and is not, it is onit only in safe mode.
  • 0

#19
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Run this command from the run box in normal mode.

"%userprofile%\desktop\combofix.exe" /killall
  • 0

#20
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Same message as before.
  • 0

#21
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Ok,

Post a fresh ComboFix log from Safe mode, if it asks you to update, please do.
  • 0

#22
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Chamber, here is the comboFix log.



ComboFix 09-11-28.01 - SYSTEM 11/28/2009 16:12.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1582 [GMT -7:00]
Running from: c:\users\Jerry\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-28 )))))))))))))))))))))))))))))))
.

2009-11-28 23:22 . 2009-11-28 23:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-28 23:22 . 2009-11-28 23:22 -------- d-----w- c:\users\Jerry\AppData\Local\temp
2009-11-28 23:22 . 2009-11-28 23:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-28 23:10 . 2009-11-28 23:10 49152 d-----w- C:\32788R22FWJFW
2009-11-24 14:18 . 2009-11-24 14:18 -------- d-----w- C:\_OTL
2009-11-16 01:50 . 2009-11-16 01:50 -------- d-----w- c:\program files\Trend Micro
2009-11-15 20:06 . 2009-11-15 20:06 -------- d-----w- c:\users\Default\AppData\Roaming\Malwarebytes
2009-11-15 20:02 . 2009-11-15 20:02 4096 d-----w- c:\program files\Malbytes' Anti-Malware
2009-11-15 19:56 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 19:56 . 2009-11-15 19:56 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 19:56 . 2009-11-15 19:56 -------- d-----w- c:\programdata\Malwarebytes
2009-11-15 19:56 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-15 19:45 . 2009-11-15 19:49 4096 d-----w- c:\program files\ERUNT
2009-11-10 02:33 . 2009-11-12 07:59 -------- d-----w- C:\$AVG
2009-11-10 02:32 . 2009-11-12 08:01 4096 d-----w- c:\programdata\avg9
2009-11-08 19:02 . 2009-11-08 19:02 -------- d-----w- c:\program files\RSA
2009-11-01 22:08 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-11-01 22:08 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-01 22:08 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-11-01 22:08 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-11-01 22:02 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-01 22:02 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-01 22:01 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-11-01 18:33 . 2009-11-01 18:33 -------- d-----w- c:\program files\Sophos
2009-11-01 18:11 . 2009-11-01 18:11 -------- d-----w- c:\users\Jerry\AppData\Local\WindowsUpdate
2009-11-01 16:29 . 2009-11-01 16:29 -------- d-----w- c:\program files\EPSON
2009-11-01 16:29 . 2009-11-01 16:29 -------- d-----w- C:\epson
2009-10-30 20:46 . 2009-11-01 16:43 -------- d-----w- c:\program files\VideoLAN
2009-10-30 20:31 . 2009-10-30 20:53 4096 d---a-w- c:\users\Jerry\AppData\Roaming\vlc
2009-10-30 15:53 . 2009-07-31 12:35 5210112 ----a-w- c:\users\Jerry\AppData\Roaming\Microsoft\AddIns\SwiftXL.dll
2009-10-30 15:53 . 2009-07-28 12:15 939008 ----a-w- c:\users\Jerry\AppData\Roaming\Microsoft\AddIns\PSConnector.dll
2009-10-30 15:53 . 2009-10-30 15:57 4096 d-----w- c:\program files\PlanSwift8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-28 07:06 . 2009-09-07 03:38 4096 d-----w- c:\program files\BufferZone
2009-11-12 07:24 . 2009-09-07 03:30 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-12 07:24 . 2009-09-07 03:30 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-12 07:24 . 2009-09-06 02:18 -------- d-----w- c:\users\Jerry\AppData\Roaming\DAEMON Tools
2009-11-12 07:24 . 2009-09-06 02:07 4096 d-----w- c:\programdata\RetroExp
2009-11-12 05:36 . 2009-09-19 14:48 680 ----a-w- c:\users\Jerry\AppData\Local\d3d9caps.dat
2009-11-09 17:21 . 2009-09-06 15:53 -------- d-----w- c:\programdata\FLEXnet
2009-11-08 22:51 . 2009-09-07 02:37 -------- d-----w- c:\program files\Autodesk
2009-11-08 19:12 . 2009-09-06 01:22 8192 d-----w- c:\program files\Protector Suite QL
2009-11-08 19:00 . 2009-09-06 01:21 -------- d-----w- c:\programdata\UIB
2009-11-07 18:32 . 2009-09-10 19:46 -------- d-----w- c:\program files\AVG
2009-11-06 16:55 . 2009-10-16 13:58 4096 d-----w- c:\users\Jerry\AppData\Roaming\HpUpdate
2009-11-04 05:16 . 2009-09-07 03:38 4096 d-----w- c:\programdata\BufferZone
2009-11-03 03:42 . 2009-10-06 19:58 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 22:54 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-01 17:15 . 2009-10-27 03:55 12288 d-----w- c:\program files\Shareaza
2009-11-01 16:44 . 2009-09-06 02:05 4096 d-----w- c:\users\Jerry\AppData\Roaming\InstallShield
2009-11-01 16:44 . 2009-09-11 14:46 -------- d-----w- c:\program files\Epson Software
2009-11-01 16:44 . 2007-05-09 21:17 12288 d--h--w- c:\program files\InstallShield Installation Information
2009-10-27 03:55 . 2009-10-27 03:55 -------- d-----w- c:\users\Jerry\AppData\Roaming\Shareaza
2009-10-16 14:07 . 2009-10-16 14:04 116841 ----a-w- c:\windows\hpqins00.dat
2009-10-16 14:01 . 2009-10-16 14:01 -------- d-----w- c:\programdata\HP Product Assistant
2009-10-07 01:10 . 2009-10-06 23:28 -------- d-----w- c:\users\Jerry\AppData\Roaming\HP
2009-10-07 01:10 . 2009-10-06 23:07 130375 ----a-w- c:\windows\hpoins13.dat
2009-10-06 23:28 . 2009-10-06 23:28 -------- d-----w- c:\programdata\WEBREG
2009-10-06 23:27 . 2009-10-06 23:20 -------- d-----w- c:\program files\Common Files\HP
2009-10-06 23:26 . 2009-10-06 23:09 4096 d-----w- c:\program files\HP
2009-10-06 23:22 . 2009-10-06 23:07 -------- d-----w- c:\programdata\HP
2009-10-06 23:20 . 2009-10-06 23:20 -------- d-----w- c:\programdata\HPSSUPPLY
2009-10-06 23:19 . 2009-10-06 23:19 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-06 23:19 . 2009-10-06 23:19 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-10-06 23:15 . 2009-10-06 23:15 -------- d-----w- c:\programdata\Hewlett-Packard
2009-09-30 02:27 . 2009-09-07 02:37 4096 d-----w- c:\users\Jerry\AppData\Roaming\Autodesk
2009-09-30 02:27 . 2009-09-07 02:39 4096 d-----w- c:\programdata\Autodesk
2009-09-30 02:17 . 2009-09-30 02:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-09-14 09:44 . 2009-11-01 22:07 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-12 16:14 . 2009-09-11 15:33 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-10 19:20 . 2009-09-06 00:40 174232 ----a-w- c:\users\Jerry\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-09 03:43 . 2009-09-09 03:43 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-06 23:16 . 2009-09-06 23:16 643072 ----a-w- c:\users\Jerry\AppData\Roaming\RipIt4Me\updater\ri4mupdater.exe
2009-09-06 22:18 . 2009-09-06 22:18 65536 ----a-r- c:\users\Jerry\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2009-09-06 22:18 . 2009-09-06 22:18 10134 ----a-r- c:\users\Jerry\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
2009-09-06 21:07 . 2009-09-06 21:07 262 ----a-w- C:\6fb5219aeb229b3.dat
2009-09-06 07:53 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-06 07:43 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-09-06 07:42 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-09-06 07:08 . 2009-09-06 07:33 47560 ----a-w- c:\windows\system32\SPReview.exe
2009-09-06 07:08 . 2009-09-06 07:33 152576 ----a-w- c:\windows\system32\SPWizUI.dll
2009-09-06 06:26 . 2009-09-06 06:26 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-06 06:23 . 2009-09-06 06:23 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-09-06 06:23 . 2009-09-06 06:23 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-09-06 06:23 . 2009-09-06 06:23 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-09-06 06:23 . 2009-09-06 06:23 272896 ----a-w- c:\windows\system32\polstore.dll
2009-09-06 06:20 . 2009-09-06 06:20 94720 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-09-06 06:20 . 2009-09-06 06:20 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-09-06 06:20 . 2009-09-06 06:20 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-09-06 06:13 . 2009-09-06 06:13 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-09-06 06:11 . 2009-09-06 06:11 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-09-06 06:11 . 2009-09-06 06:11 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-09-06 06:11 . 2009-09-06 06:11 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-09-06 06:11 . 2009-09-06 06:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-09-06 06:11 . 2009-09-06 06:11 23552 ----a-w- c:\windows\system32\lpk.dll
2009-09-06 06:11 . 2009-09-06 06:11 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-09-06 06:06 . 2009-09-06 06:06 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-09-06 06:04 . 2009-09-06 06:04 71680 ----a-w- c:\windows\system32\atl.dll
2009-09-06 06:02 . 2009-09-06 06:02 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-09-06 05:59 . 2009-09-06 05:59 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-09-06 05:57 . 2009-09-06 05:57 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-09-06 05:57 . 2009-09-06 05:57 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-09-06 05:55 . 2009-09-06 05:55 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-09-06 05:54 . 2009-09-06 05:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2009-09-06 05:54 . 2009-09-06 05:54 136192 ----a-w- c:\windows\system32\aaclient.dll
2009-09-06 05:54 . 2009-09-06 05:54 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-09-06 05:53 . 2009-09-06 05:53 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-09-06 05:51 . 2009-09-06 05:51 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-09-06 05:51 . 2009-09-06 05:51 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-09-06 05:43 . 2009-09-06 05:43 636928 ----a-w- c:\windows\system32\localspl.dll
2009-09-06 05:42 . 2009-09-06 05:42 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-09-06 05:42 . 2009-09-06 05:42 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-09-06 05:42 . 2009-09-06 05:42 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-09-06 05:42 . 2009-09-06 05:42 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-09-06 05:42 . 2009-09-06 05:42 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-09-06 05:42 . 2009-09-06 05:42 12800 ----a-w- c:\windows\system32\msrle32.dll
2009-09-06 05:38 . 2009-09-06 05:38 2927104 ----a-w- c:\windows\explorer.exe
2009-09-06 05:33 . 2009-09-06 05:33 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-06 05:33 . 2009-09-06 05:33 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-06 05:33 . 2009-09-06 05:33 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-06 05:33 . 2009-09-06 05:33 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-06 05:33 . 2009-09-06 05:33 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-06 05:33 . 2009-09-06 05:33 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-06 05:33 . 2009-09-06 05:33 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-06 05:28 . 2009-09-06 05:28 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll
2009-09-06 05:24 . 2009-09-06 05:24 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-09-06 05:24 . 2009-09-06 05:24 988216 ----a-w- c:\windows\system32\winload.exe
2009-09-06 05:24 . 2009-09-06 05:24 927288 ----a-w- c:\windows\system32\winresume.exe
2009-09-06 05:24 . 2009-09-06 05:24 40960 ----a-w- c:\windows\system32\srclient.dll
2009-09-06 05:24 . 2009-09-06 05:24 378368 ----a-w- c:\windows\system32\srcore.dll
2009-09-06 05:24 . 2009-09-06 05:24 318464 ----a-w- c:\windows\system32\rstrui.exe
2009-09-06 05:24 . 2009-09-06 05:24 14848 ----a-w- c:\windows\system32\srdelayed.exe
2009-09-06 05:24 . 2009-09-06 05:24 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzBufferZoneOverlay]
@="{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}"
[HKEY_CLASSES_ROOT\CLSID\{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}]
2008-12-23 00:14 1279704 ----a-w- c:\windows\System32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzConfidentialOverlay]
@="{F594B094-8768-4632-8143-12852EBBD688}"
[HKEY_CLASSES_ROOT\CLSID\{F594B094-8768-4632-8143-12852EBBD688}]
2008-12-23 00:14 1279704 ----a-w- c:\windows\System32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzForbiddenOverlay]
@="{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}"
[HKEY_CLASSES_ROOT\CLSID\{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}]
2008-12-23 00:14 1279704 ----a-w- c:\windows\System32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzUnknownOverlay]
@="{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}"
[HKEY_CLASSES_ROOT\CLSID\{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}]
2008-12-23 00:14 1279704 ----a-w- c:\windows\System32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 19:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 19:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-06 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2008-10-01 5723136]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL" [X]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe hwSetUP" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-10-27 221184]
"RetroExpress"="c:\progra~1\RETROS~1\RETROS~1.0\RetroExpress.exe" [2007-01-22 9385504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 83568]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-09 1862144]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"BufferZone"="c:\program files\BufferZone\CLIENTGUI.EXE" [2008-12-23 3352816]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-02-16 4390912]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start [url="http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAQQBFAEEAWQAtAFQAMwBMAFUARQ&inst=NwA5AC0AMwA4ADEAMwA4&prod=90&ver=9.0.704""]http://www.avg.com/ww.special-uninstallati...r=9.0.704"[/url] [?]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-06 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Shareaza"="c:\program files\Shareaza\Shareaza.exe" [2008-10-01 5723136]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 19:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Windows^system32^config^systemprofile^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 REDLIGHT;REDLIGHT;c:\windows\System32\drivers\redlight.sys [12/22/2008 5:14 PM 350424]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [11/17/2008 2:40 PM 3668480]
S2 BufferZoneSvc;BufferZone Service;c:\program files\BufferZone\ClntSvc.exe [12/22/2008 5:14 PM 797080]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [9/6/2009 8:30 PM 809296]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 284016]
S3 gusvc_Untrusted_BZ;Google Software Updater_Untrusted_BZ;c:\virtual\Untrusted\c_\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [5/9/2007 3:17 PM 182768]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [9/5/2009 7:18 PM 716272]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-Sophos-AntiRootkit - c:\program files\Sophos\Sophos Anti-Rootkit\helper.exe remove
AddRemove-_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8} - c:\program files\WordPerfect Office X3\Cabs\MSILauncher.exe {54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-28 16:23
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\714.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10.exe,-101"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Control]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\EnableFullPage]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Implemented Categories]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\InprocServer32]
"VRegSpecialValueName"=dword:000000aa
@="c:\\Windows\\system32\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\MiscStatus]
"VRegSpecialValueName"=dword:000000aa
@="0"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ProgID]
"VRegSpecialValueName"=dword:000000aa
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Programmable]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ToolboxBitmap32]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\TypeLib]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Version]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\VersionIndependentProgID]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
"VRegSpecialValueName"=dword:000000aa

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
"VRegSpecialValueName"=dword:000000aa
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet001\Control\VIDEO\{0263DE3F-BD9E-4FE5-B359-2642F6B09588}\0000]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet001\Control\VIDEO\{0263DE3F-BD9E-4FE5-B359-2642F6B09588}\0001]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet001\HARDWARE PROFILES\CURRENT]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\S-1-5-21-2604506643-2707541610-3872154351-1000\Software\Classes]
@Allowed: (Read) (RestrictedCode)
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll

- - - - - - - > 'Explorer.exe'(428)
c:\windows\system32\RlShellExt.dll
c:\windows\system32\AM.DLL
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-11-28 16:25
ComboFix-quarantined-files.txt 2009-11-28 23:25
ComboFix2.txt 2009-11-24 02:18
ComboFix3.txt 2009-11-23 16:45

Pre-Run: 67,156,815,872 bytes free
Post-Run: 67,112,529,920 bytes free

- - End Of File - - B9C29FE87E2B39BBE8277C4E91481CF8
  • 0

#23
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Please download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode.

You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.


  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize, click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then ok. Choose OK again to go back to the main screen.

  • Click on Scan at the top right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it as Kas to the desktop
  • Post only the detected Virus\malware in the report, it will be at the very top under Detected

Note: This tool will self uninstall when you close it so please remember to save the log before closing it.


  • 0

#24
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Chamber. my scan is finally finished with Kaspersky. I click on Reports and a "Detailed report" came up. -By the way this is Kaspersky Virus Removal Tool 2010- A Autoscan compleated (00:00:000). Events, Object shows on the screen, when I expand this, it shows the detail of what it found. But, how can I save this info. to the desktop? the only option the screen gives me is "Close". I right click, select all and try to paste to the destop and it does not work. I do have a Virus Removal Tool folder on the desktop, I go to logs and it runs "cmd" but nothing happen. I will leave this report open so you can direct me on what to do.
  • 0

#25
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Did it find a lot of stuff? Can you show me a screenshot perhaps?
  • 0

Advertisements


#26
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Hello,
No, it does not show very much and the screen does not show the whole path and files either. I'm sending you this from my desktop because when I log in in safe mode on my loptop Internet is not up. Anyway, I can't send you the screen shot. I typed this to see if it can help, I did not include the Time, The Result is as it shows in the screen and on Object you have to include C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\TemporaryInternetFiles\Content.IE5\ For a complete path to everyone of the files shown. On the Deleted File it is the only time the program stop long enough for me to make a choice.





Time Result Object Reason

Detected: Trojan-Clicker.JS.Agent.iw -- F7IR0ELU\vista[1].htm
Untreated: Trojan-Clicker.JS.Agent.iw-- F7IR0ELU\vista[1].htm-- Postponed
Detected:HEUR: Trojan.Script.Iframer -- IPS7FGY2\topbar[1].js--
Untreated:HEUR: Trojan.Script.Iframer-- IPS7FGY2\topbar[1].js-- Postponed
Detected: Trojan-Clicker.JS.Agent.iw -- F7IR0ELU\vista[1].htm--
Untreated: Trojan-Clicker.JS.Agent.iw-- F7IR0ELU\vista[1].htm-- Postponed
Detected:HEUR: Trojan.Script.Iframer -- IPS7FGY2\topbar[1].js--
Untreated:HEUR: Trojan.Script.Iframer-- IPS7FGY2\topbar[1].js-- Postponed
Detected: Trojan-Clicker.JS.Agent.iw -- F7IR0ELU\vista[1].htm--
deleted: Trojan-Clicker.JS.Agent.iw -- F7IR0ELU\vista[1].htm--
Detected:HEUR: Trojan.Script.Iframer -- IPS7FGY2\topbar[1].js--
Task completed

Edited by jllaz, 30 November 2009 - 06:33 PM.

  • 0

#27
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi,

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    /md5stop


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

  • 0

#28
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
This is the OTL log.


OTL logfile created on: 12/1/2009 8:10:11 AM - Run 3
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\Jerry\Desktop\New Folder\move1\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 79.58% Memory free
4.00 Gb Paging File | 3.99 Gb Available in Paging File | 99.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 62.06 Gb Free Space | 33.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JERRY-PC
Current User Name: Jerry
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Jerry\Desktop\New Folder\move1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Jerry\Desktop\New Folder\move1\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (gusvc_Untrusted_BZ) -- C:\Virtual\Untrusted\C_\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (BufferZoneSvc) -- C:\Program Files\BufferZone\ClntSvc.exe ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (NTService1) -- C:\Program Files\Maxtor\Utils\SyncServices.exe ( )
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe ()
SRV - (RetroExpLauncher) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe (EMC Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (utkwmzmy) -- C:\Windows\System32\drivers\utkwmzmy.sys ()
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (REDLIGHT) -- C:\Windows\System32\drivers\REDLIGHT.SYS (BufferZone)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (aksfridge) -- C:\Windows\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV - (Hardlock) -- C:\Windows\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (RxFilter) -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (KR3NPXP) -- C:\Windows\system32\drivers\kr3npxp.sys (TOSHIBA CORPORATION)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (MXOPSWD) -- C:\Windows\System32\drivers\mxopswd.sys (Maxtor Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (CBZurlmon Object) - {311BA51F-64F2-439D-9A4A-772373D77312} - C:\Program Files\BufferZone\BZbho.dll (Trustware)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BufferZone] C:\Program Files\BufferZone\CLIENTGUI.EXE ()
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RetroExpress] C:\Program Files\Retrospect\Retrospect Express HD 2.0\RetroExpress.exe (EMC Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Shareaza] C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/09/06 00:53:58 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Windows^system32^config^systemprofile^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk - - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: rootrepeal.sys - Reg Error: Value error.
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {25385A31-1B94-44AD-8845-410AC5BAB21A} - Internet Explorer
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AE81E9F2-0CA6-E8E0-1618-43F759A38CE7} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F857C5E7-9407-2270-6780-93FBD60F3EA1} - Java (Sun)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivXNetworks)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivXNetworks)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/01 08:06:06 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Users\Jerry\Desktop\New Folder\move1\Desktop\OTL.exe
[2009/11/29 08:49:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2009/11/29 08:40:22 | 59,850,752 | ---- | C] ( ) -- C:\Users\Jerry\Desktop\New Folder\move1\Desktop\setup_9.0.0.722_29.11.2009_17-24.exe
[2009/11/28 16:25:45 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/11/28 16:10:31 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/28 16:10:31 | 00,000,000 | ---D | C] -- \32788R22FWJFW
[2009/11/28 00:06:33 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/11/25 22:59:40 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Desktop
[2009/11/24 07:32:47 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Favorites
[2009/11/24 07:21:09 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData
[2009/11/24 07:18:47 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/24 07:18:47 | 00,000,000 | ---D | C] -- \_OTL
[2009/11/23 09:27:11 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/11/23 09:27:11 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/11/23 09:27:11 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/11/23 09:27:11 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/11/21 11:27:09 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/21 11:27:09 | 00,000,000 | ---D | C] -- \Qoobox
[2009/11/15 18:50:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/15 13:02:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malbytes' Anti-Malware
[2009/11/15 12:56:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/15 12:56:31 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/15 12:56:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/15 12:56:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/15 12:50:25 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/15 12:45:18 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/09 19:33:22 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/11/09 19:33:22 | 00,000,000 | ---D | C] -- \$AVG
[2009/11/09 19:32:27 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/11/08 15:51:24 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2009/11/08 12:02:17 | 00,000,000 | ---D | C] -- C:\Program Files\RSA
[2009/11/06 10:19:05 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/11/01 15:08:12 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/11/01 15:08:05 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/11/01 15:08:05 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/11/01 15:08:05 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/11/01 15:08:05 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/11/01 15:07:36 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/11/01 15:07:35 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/11/01 15:07:35 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/11/01 15:07:35 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/11/01 15:07:35 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/11/01 15:07:35 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/11/01 15:07:35 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/11/01 15:07:35 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/11/01 15:07:35 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/11/01 15:07:26 | 03,597,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/11/01 15:07:25 | 03,546,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/11/01 15:02:13 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/11/01 15:02:11 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/11/01 15:01:40 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009/11/01 11:33:13 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/11/01 09:29:24 | 00,000,000 | ---D | C] -- C:\Program Files\EPSON
[2009/11/01 09:29:07 | 00,000,000 | ---D | C] -- C:\epson
[2009/11/01 09:29:07 | 00,000,000 | ---D | C] -- \epson
[2006/09/14 10:32:20 | 00,028,672 | R--- | C] ( ) -- C:\Windows\System32\DivXGraphBuilderCallback.dll

========== Files - Modified Within 30 Days ==========

[2009/12/01 08:06:09 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\New Folder\move1\Desktop\OTL.exe
[2009/11/30 17:36:02 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/30 00:08:02 | 00,007,168 | ---- | M] () -- C:\Windows\System32\drivers\utkwmzmy.sys
[2009/11/29 08:40:22 | 59,850,752 | ---- | M] ( ) -- C:\Users\Jerry\Desktop\New Folder\move1\Desktop\setup_9.0.0.722_29.11.2009_17-24.exe
[2009/11/28 16:23:03 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/11/28 16:09:12 | 00,000,848 | ---- | M] () -- C:\Users\Jerry\Desktop\New Folder\move1\Desktop\ComboFix - Shortcut.lnk
[2009/11/28 14:07:01 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/28 14:07:01 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/28 00:06:59 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/28 00:06:33 | 17,205,6329 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/25 22:35:55 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/11/25 22:35:55 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/23 19:08:13 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/11/20 14:37:17 | 00,756,644 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/20 14:37:17 | 00,118,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/20 14:37:17 | 00,000,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/15 13:02:20 | 00,000,809 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2009/11/30 00:02:29 | 00,007,168 | ---- | C] () -- C:\Windows\System32\drivers\utkwmzmy.sys
[2009/11/28 16:25:44 | 00,032,836 | ---- | C] () -- \ComboFix.txt
[2009/11/28 16:09:12 | 00,000,848 | ---- | C] () -- C:\Users\Jerry\Desktop\New Folder\move1\Desktop\ComboFix - Shortcut.lnk
[2009/11/28 00:06:07 | 17,205,6329 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/11/26 01:26:18 | 00,262,144 | ---- | C] () -- C:\Windows\system32\config\systemprofile\ntuser.dat
[2009/11/26 00:39:24 | 00,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/11/25 22:35:55 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/11/25 22:35:55 | 00,000,000 | RHS- | C] () -- \MSDOS.SYS
[2009/11/25 22:35:55 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/11/25 22:35:55 | 00,000,000 | RHS- | C] () -- \IO.SYS
[2009/11/23 09:27:11 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009/11/23 09:27:11 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/11/23 09:27:11 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/11/23 09:27:11 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/23 09:27:11 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/11/16 18:08:11 | 00,000,846 | ---- | C] () -- \mbam-log-2009-11-16 (18-00-42).txt
[2009/11/15 12:56:35 | 00,000,809 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/06 16:07:49 | 00,002,212 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/11 08:33:36 | 00,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/09/11 07:25:21 | 00,000,025 | ---- | C] () -- C:\Windows\EP_SPR380.ini
[2009/09/10 12:21:57 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/06 18:56:12 | 00,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/06 18:56:12 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/06 16:09:33 | 00,899,414 | ---- | C] () -- \SetupDVDDecrypter_3.5.4.0.exe
[2009/09/06 14:07:01 | 00,000,262 | ---- | C] () -- \6fb5219aeb229b3.dat
[2009/09/05 17:44:32 | 24,509,19424 | -HS- | C] () --
[2009/03/05 06:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/12/22 17:14:50 | 01,279,704 | ---- | C] () -- C:\Windows\System32\RlShellExt.dll
[2008/12/22 17:14:36 | 00,428,832 | ---- | C] () -- C:\Windows\System32\Ole2Plgin.dll
[2008/12/22 17:14:14 | 00,179,928 | ---- | C] () -- C:\Windows\System32\AM.dll
[2008/02/11 18:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/05/09 18:25:14 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/05/09 15:24:17 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/09 15:06:33 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dd02-fe70-11db-9767-0016d4904cfa}.TMContainer00000000000000000002.regtrans-ms
[2007/05/09 15:06:33 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dd02-fe70-11db-9767-0016d4904cfa}.TM.blf
[2007/05/09 15:06:32 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dcf2-fe70-11db-9767-0016d4904cfa}.TMContainer00000000000000000002.regtrans-ms
[2007/05/09 15:06:32 | 00,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2007/05/09 15:06:32 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dcf2-fe70-11db-9767-0016d4904cfa}.TM.blf
[2007/05/09 15:06:32 | 00,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2007/05/09 15:06:32 | 00,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2007/05/09 14:58:17 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/09 14:58:17 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/09 14:58:17 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/09 14:58:16 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/09 14:58:16 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/09 14:58:16 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/09 14:44:27 | 00,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2007/05/09 14:44:26 | 00,333,203 | RHS- | C] () -- \bootmgr
[2007/05/09 14:30:52 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/05/09 14:30:51 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/05/09 14:30:51 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/09 14:30:51 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/03/06 12:49:42 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006/12/05 13:05:06 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/24 07:48:44 | 00,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/10 08:17:52 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:23:09 | 00,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:08 | 00,000,010 | ---- | C] () -- \config.sys
[2006/10/26 22:02:40 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/10/26 22:02:40 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/11/23 14:55:42 | 00,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2005/07/15 11:35:56 | 00,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/07/15 11:35:56 | 00,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2005/07/15 11:35:24 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[1996/02/01 17:25:42 | 00,943,616 | ---- | C] () -- C:\Windows\System32\dfolder.dll

========== LOP Check ==========

[2009/11/25 23:56:32 | 00,025,250 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/04/06 14:59:28 | 00,899,414 | ---- | M] () -- C:\SetupDVDDecrypter_3.5.4.0.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-11-09 15:06:58


< MD5 for: AGP440.SYS >
[2008/01/18 22:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 22:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 22:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 02:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 02:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 02:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 22:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/18 22:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/18 22:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 22:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/09/05 22:39:28 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009/09/05 22:39:28 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009/09/05 22:39:28 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/18 22:42:52 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/18 22:42:52 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 02:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 02:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 02:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/10 23:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/18 22:35:38 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008/01/18 22:35:38 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/18 22:35:38 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 02:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/18 22:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/18 22:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/18 22:36:20 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008/01/18 22:36:20 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/18 22:36:20 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 02:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/10 23:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< End of report >
  • 0

#29
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - (utkwmzmy) -- C:\Windows\System32\drivers\utkwmzmy.sys ()
    O4 - HKLM..\RunOnce: [] File not found
    [2009/11/30 00:08:02 | 00,007,168 | ---- | M] () -- C:\Windows\System32\drivers\utkwmzmy.sys
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#30
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Chamber, I clicked the "Run Scan" by mistake. I stoped the scan and rerun OTL and here is the result of the Quick Scan.


OTL logfile created on: 12/1/2009 9:41:38 AM - Run 4
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\Jerry\Desktop\New Folder\move1\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 79.13% Memory free
4.00 Gb Paging File | 3.97 Gb Available in Paging File | 99.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 62.22 Gb Free Space | 33.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JERRY-PC
Current User Name: Jerry
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Jerry\Desktop\New Folder\move1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Jerry\Desktop\New Folder\move1\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (gusvc_Untrusted_BZ) -- C:\Virtual\Untrusted\C_\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (BufferZoneSvc) -- C:\Program Files\BufferZone\ClntSvc.exe ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (NTService1) -- C:\Program Files\Maxtor\Utils\SyncServices.exe ( )
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe ()
SRV - (RetroExpLauncher) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe (EMC Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (CBZurlmon Object) - {311BA51F-64F2-439D-9A4A-772373D77312} - C:\Program Files\BufferZone\BZbho.dll (Trustware)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BufferZone] C:\Program Files\BufferZone\CLIENTGUI.EXE ()
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RetroExpress] C:\Program Files\Retrospect\Retrospect Express HD 2.0\RetroExpress.exe (EMC Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Shareaza] C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/01 09:38:35 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Favorites
[2009/12/01 09:31:50 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData
[2009/12/01 08:06:06 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Users\Jerry\Desktop\New Folder\move1\Desktop\OTL.exe
[2009/11/29 08:49:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2009/11/29 08:40:22 | 59,850,752 | ---- | C] ( ) -- C:\Users\Jerry\Desktop\New Folder\move1\Desktop\setup_9.0.0.722_29.11.2009_17-24.exe
[2009/11/28 16:25:45 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/11/28 16:10:31 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/28 16:10:31 | 00,000,000 | ---D | C] -- \32788R22FWJFW
[2009/11/28 00:06:33 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/11/24 07:18:47 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/24 07:18:47 | 00,000,000 | ---D | C] -- \_OTL
[2009/11/23 09:27:11 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/11/23 09:27:11 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/11/23 09:27:11 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/11/23 09:27:11 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/11/21 11:27:09 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/21 11:27:09 | 00,000,000 | ---D | C] -- \Qoobox
[2006/09/14 10:32:20 | 00,028,672 | R--- | C] ( ) -- C:\Windows\System32\DivXGraphBuilderCallback.dll

========== Files - Modified Within 14 Days ==========

[2009/12/01 09:37:31 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/01 09:32:25 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/01 09:32:24 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/01 09:32:13 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/01 08:06:09 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\New Folder\move1\Desktop\OTL.exe
[2009/11/29 08:40:22 | 59,850,752 | ---- | M] ( ) -- C:\Users\Jerry\Desktop\New Folder\move1\Desktop\setup_9.0.0.722_29.11.2009_17-24.exe
[2009/11/28 16:23:03 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/11/28 16:09:12 | 00,000,848 | ---- | M] () -- C:\Users\Jerry\Desktop\New Folder\move1\Desktop\ComboFix - Shortcut.lnk
[2009/11/28 00:06:33 | 17,205,6329 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/25 22:35:55 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/11/25 22:35:55 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/23 19:08:13 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/11/20 14:37:17 | 00,756,644 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/20 14:37:17 | 00,118,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/20 14:37:17 | 00,000,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat

========== Files Created - No Company Name ==========

[2009/11/28 16:25:44 | 00,032,836 | ---- | C] () -- \ComboFix.txt
[2009/11/28 16:09:12 | 00,000,848 | ---- | C] () -- C:\Users\Jerry\Desktop\New Folder\move1\Desktop\ComboFix - Shortcut.lnk
[2009/11/28 00:06:07 | 17,205,6329 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/11/26 00:39:24 | 00,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/11/25 22:35:55 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/11/25 22:35:55 | 00,000,000 | RHS- | C] () -- \MSDOS.SYS
[2009/11/25 22:35:55 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/11/25 22:35:55 | 00,000,000 | RHS- | C] () -- \IO.SYS
[2009/11/23 09:27:11 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009/11/23 09:27:11 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/11/23 09:27:11 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/11/23 09:27:11 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/23 09:27:11 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/11/16 18:08:11 | 00,000,846 | ---- | C] () -- \mbam-log-2009-11-16 (18-00-42).txt
[2009/10/06 16:07:49 | 00,002,212 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/11 08:33:36 | 00,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/09/11 07:25:21 | 00,000,025 | ---- | C] () -- C:\Windows\EP_SPR380.ini
[2009/09/10 12:21:57 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/06 18:56:12 | 00,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/06 18:56:12 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/06 16:09:33 | 00,899,414 | ---- | C] () -- \SetupDVDDecrypter_3.5.4.0.exe
[2009/09/06 14:07:01 | 00,000,262 | ---- | C] () -- \6fb5219aeb229b3.dat
[2009/09/05 17:44:32 | 24,509,19424 | -HS- | C] () --
[2009/03/05 06:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/12/22 17:14:50 | 01,279,704 | ---- | C] () -- C:\Windows\System32\RlShellExt.dll
[2008/12/22 17:14:36 | 00,428,832 | ---- | C] () -- C:\Windows\System32\Ole2Plgin.dll
[2008/12/22 17:14:14 | 00,179,928 | ---- | C] () -- C:\Windows\System32\AM.dll
[2008/02/11 18:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/05/09 18:25:14 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/05/09 15:24:17 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/09 15:06:33 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dd02-fe70-11db-9767-0016d4904cfa}.TMContainer00000000000000000002.regtrans-ms
[2007/05/09 15:06:33 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dd02-fe70-11db-9767-0016d4904cfa}.TM.blf
[2007/05/09 15:06:32 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dcf2-fe70-11db-9767-0016d4904cfa}.TMContainer00000000000000000002.regtrans-ms
[2007/05/09 15:06:32 | 00,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2007/05/09 15:06:32 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dcf2-fe70-11db-9767-0016d4904cfa}.TM.blf
[2007/05/09 15:06:32 | 00,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2007/05/09 15:06:32 | 00,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2007/05/09 14:58:17 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/09 14:58:17 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/09 14:58:17 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/09 14:58:16 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/09 14:58:16 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/09 14:58:16 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/09 14:44:27 | 00,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2007/05/09 14:44:26 | 00,333,203 | RHS- | C] () -- \bootmgr
[2007/05/09 14:30:52 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/05/09 14:30:51 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/05/09 14:30:51 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/09 14:30:51 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/03/06 12:49:42 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006/12/05 13:05:06 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/24 07:48:44 | 00,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/10 08:17:52 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:23:09 | 00,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:08 | 00,000,010 | ---- | C] () -- \config.sys
[2006/10/26 22:02:40 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/10/26 22:02:40 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/11/23 14:55:42 | 00,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2005/07/15 11:35:56 | 00,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/07/15 11:35:56 | 00,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2005/07/15 11:35:24 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[1996/02/01 17:25:42 | 00,943,616 | ---- | C] () -- C:\Windows\System32\dfolder.dll

========== LOP Check ==========

[2009/11/25 23:56:32 | 00,025,508 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP