Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Vundo/ Vitrumonde [Solved]

Started by DarkPhase , Apr 04 2010 12:34 AM

This topic is locked

#1
DarkPhase

Posted 04 April 2010 - 12:34 AM

Member

Member
56 posts

I was recently infected with the Vundo/Virtumonde Trojan, I intially ran superantispyware to get rid of part of the infection and allow the usage of MBAM.I was able to scan with that and remove the virus. I then rebooted fine without any problems but I'm wanting to make sure it's completely removed.

MBAM Log

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3951

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/3/2010 10:26:47 PM
mbam-log-2010-04-03 (22-26-47).txt

Scan type: Quick scan
Objects scanned: 111152
Time elapsed: 15 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tamijajuhu (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#2
DarkPhase

Posted 04 April 2010 - 12:46 AM

Member

Topic Starter
Member
56 posts

OTL logfile created on: 4/4/2010 2:11:48 AM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.46 Gb Total Space | 13.44 Gb Free Space | 12.87% Space Free | Partition Type: NTFS
Drive D: | 7.30 Gb Total Space | 0.55 Gb Free Space | 7.55% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOEY-D0F670B45A
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/04 02:03:59 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2010/03/26 15:00:44 | 003,250,576 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2010/03/08 17:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/01/22 20:36:00 | 000,621,320 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009/11/24 19:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/30 17:05:58 | 000,497,000 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/09/04 21:19:52 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

========== Modules (SafeList) ==========

MOD - [2010/04/04 02:03:59 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
MOD - [2010/03/26 15:00:54 | 000,956,816 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire_toucan_42127.dll
MOD - [2008/04/13 20:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2003/02/21 05:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://swagbucks.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/29 06:44:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/29 06:44:40 | 000,000,000 | ---D | M]

[2008/12/17 14:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/04/01 04:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\200kckfa.default\extensions
[2009/11/08 00:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\200kckfa.default\extensions\[email protected]
[2010/03/27 06:30:09 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\200kckfa.default\searchplugins\aim-search.xml
[2009/07/10 17:26:08 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\200kckfa.default\searchplugins\askcom.xml
[2010/04/03 19:39:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/03/01 16:53:08 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKCU\..Trusted Domains: gaiaonline.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: Gorillaz.com ([]* in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.64.0.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.mess.../Medialogic.CAB (CMediaMix Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2F6265C6-3D7D-44B9-97FE-3993B9248EC1} http://smashmash.tv/...hMashPlugin.exe (Plugin Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.6.108.cab (Reg Error: Key error.)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com...OnlineGames.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} http://m1.cdn.gaiaon...ns/IDMFlash.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_4.0.53.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload....GPlugin9USA.cab (Reg Error: Key error.)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers...eminfo/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: ibeatyou Video PlugIn http://www.ibeatyou....ideo_plugin.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (kefuyave.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 02:50:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/04 02:03:57 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/04/03 22:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer
[2010/04/03 21:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/03 19:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/01 05:10:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\jagex__preferences3.dat
[2010/03/26 20:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\AIM Toolbar
[2010/03/26 20:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/02/20 18:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2009/09/02 14:16:08 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences2.dat
[2009/07/22 03:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/04/22 03:15:55 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\PnkBstrK.sys
[2009/04/13 13:58:51 | 025,427,968 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2009/04/10 22:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/12 13:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/07/01 10:55:56 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences.dat
[2008/06/27 12:08:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/06/27 12:08:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/11/27 17:35:51 | 000,184,657 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\log.txt
[2007/10/02 21:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/10/02 21:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2007/10/02 21:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2007/09/26 23:24:16 | 000,002,522 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2007/05/07 17:40:28 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2007/01/14 21:45:30 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/26 22:08:19 | 000,067,712 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/12/26 13:27:47 | 000,832,744 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\IconCache.db
[2006/12/26 13:27:47 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\desktop.ini
[2006/12/26 13:27:45 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat.LOG
[2006/12/26 13:27:45 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2006/12/26 13:27:19 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2006/12/26 13:27:19 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2006/09/04 21:15:09 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/29 14:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/02/19 13:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2005/12/04 18:43:48 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[69 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/04 02:11:16 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BB2D9386-7F97-45AC-A461-D30615810B79}.job
[2010/04/04 02:03:59 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2010/04/04 02:00:00 | 000,000,500 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/04/03 23:09:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/03 22:31:45 | 000,267,725 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/04/03 22:31:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/03 22:31:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/03 22:31:21 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/03 22:30:33 | 025,427,968 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.dat
[2010/04/03 22:01:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\ntuser.ini
[2010/04/03 22:01:24 | 000,832,744 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\IconCache.db
[2010/04/03 21:40:55 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\molezuku
[2010/04/03 05:06:19 | 000,138,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/04/03 05:04:41 | 000,215,128 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/04/01 23:22:48 | 000,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/04/01 05:16:21 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences2.dat
[2010/04/01 05:10:27 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences.dat
[2010/04/01 05:10:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\jagex__preferences3.dat
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 23:04:15 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/26 20:21:09 | 000,003,168 | -H-- | M] () -- C:\IPH.PH
[2010/03/26 20:21:01 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/03/26 15:00:50 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[69 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/03 22:02:20 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/26 15:00:50 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/01/25 01:20:17 | 000,138,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/03/05 16:50:25 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008/08/17 11:40:20 | 000,000,071 | ---- | C] () -- C:\WINDOWS\FSaver.ini
[2008/08/17 11:40:19 | 000,000,101 | ---- | C] () -- C:\WINDOWS\Slipknot Intro.ini
[2008/03/17 14:36:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/03/09 01:16:07 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/09 01:16:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/09 22:35:08 | 007,310,059 | ---- | C] () -- C:\WINDOWS\System32\Plugin.dll
[2007/09/13 20:11:13 | 000,000,235 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2007/09/04 22:29:48 | 000,860,211 | --S- | C] () -- C:\WINDOWS\System32\XSIFtk-3.6.2.1.dll
[2007/08/09 22:26:12 | 000,000,093 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/07/11 01:03:22 | 000,006,812 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/05/16 16:18:31 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/04/09 15:23:29 | 000,000,051 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007/04/09 10:44:09 | 000,000,358 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2007/04/09 09:23:48 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/02/10 09:45:32 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/02/10 09:44:09 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/02/10 09:44:09 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/02/10 09:44:09 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/01/14 00:30:10 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/04 22:10:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/04 21:44:03 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/09/04 21:36:26 | 000,012,993 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/09/04 21:36:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/09/04 21:33:18 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/04 21:22:18 | 000,000,141 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/09/04 21:20:41 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/04 21:13:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/04 21:10:11 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/09/04 21:10:11 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/09/04 20:53:41 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/04 20:50:27 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/09/04 20:50:27 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/09/04 20:50:03 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/04/24 19:42:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/06/15 17:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/10/16 23:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2008/11/18 18:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/10/17 07:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/06/10 23:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/10/05 19:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap
[2010/01/18 00:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/02/07 06:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2009/06/30 13:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/01/27 14:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/01/14 00:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\acccore
[2007/08/17 14:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\BYOND
[2009/05/06 21:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Crayon Physics Deluxe
[2007/10/10 18:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Elluminate
[2007/07/11 00:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\FotoWire
[2008/12/12 12:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\GetRightToGo
[2007/03/16 19:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Gizmoz
[2009/04/22 14:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\id Software
[2007/05/11 20:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\IMVU
[2007/04/15 22:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2008/05/25 22:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
[2009/03/05 16:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Megaupload
[2009/09/11 22:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mount&Blade
[2009/09/24 17:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mount&Blade Warband
[2007/03/16 10:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Netscape
[2008/05/26 13:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Subversion
[2007/09/26 23:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2008/06/14 11:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TuneUp Software
[2010/03/12 05:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Ubisoft
[2008/06/17 09:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Viewpoint
[2009/10/27 22:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Vivox
[2010/04/04 02:00:00 | 000,000,500 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2010/04/04 02:11:16 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BB2D9386-7F97-45AC-A461-D30615810B79}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/04/10 21:28:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/04/10 21:28:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/04/10 21:28:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/04/10 21:28:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 09:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/02/25 02:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[69 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/06/10 23:06:15 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2005/12/04 18:42:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/12/04 18:42:42 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/12/04 18:42:42 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

OTL Extras logfile created on: 4/4/2010 2:11:48 AM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.46 Gb Total Space | 13.44 Gb Free Space | 12.87% Space Free | Partition Type: NTFS
Drive D: | 7.30 Gb Total Space | 0.55 Gb Free Space | 7.55% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOEY-D0F670B45A
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"27073:TCP" = 27073:TCP:*:Disabled:BitComet 27073 TCP
"27073:UDP" = 27073:UDP:*:Disabled:BitComet 27073 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\dark_phase\half-life 2\hl2.exe" = C:\Program Files\Steam\steamapps\dark_phase\half-life 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Alwil Software\Avast4\ashAvast.exe" = C:\Program Files\Alwil Software\Avast4\ashAvast.exe:*:Enabled:avast! Antivirus -- (ALWIL Software)
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy -- (Safer Networking Limited)
"C:\Program Files\Steam\steamapps\dark_phase\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\dark_phase\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\BYOND\bin\byond.exe" = C:\Program Files\BYOND\bin\byond.exe:*:Enabled:byond -- ()
"C:\Program Files\Steam\steamapps\common\mount and blade\runme.exe" = C:\Program Files\Steam\steamapps\common\mount and blade\runme.exe:*:Enabled:Mount and Blade -- ()
"C:\Program Files\Steam\steamapps\dark_phase\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\steamapps\dark_phase\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\dark_phase\synergy\hl2.exe" = C:\Program Files\Steam\steamapps\dark_phase\synergy\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\kraken^\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\kraken^\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\dark_phase\source sdk base\hl2.exe" = C:\Program Files\Steam\steamapps\dark_phase\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Vivox\Vivox Voice ActiveX Object\VivoxVoiceManager.exe" = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Vivox\Vivox Voice ActiveX Object\VivoxVoiceManager.exe:*:Enabled:VivoxVoiceManager -- (Vivox, Inc.)
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Rockstar Games\GTA2\gta2.exe" = C:\Program Files\Rockstar Games\GTA2\gta2.exe:*:Enabled:GTA2 main executable -- File not found
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\EA Games\Battlefield 2\BF2.exe" = C:\Program Files\EA Games\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Steam\steamapps\dark_phase\garrysmod\hl2.exe" = C:\Program Files\Steam\steamapps\dark_phase\garrysmod\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\common\arma 2 demo\ArmA2Demo.exe" = C:\Program Files\Steam\steamapps\common\arma 2 demo\ArmA2Demo.exe:*:Enabled:ARMA II Demo -- (Bohemia Interactive)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 19
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2DBFB532-A1F2-43AA-BE8C-2CEF6ED32552}" = IMWhiteboard
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5DC6B387-DCD5-4B66-B866-434020FF2ECC}" = TortoiseSVN 1.6.7.18415 (32 bit)
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79A3DE21-AA4F-4248-B03A-96659FE5F438}" = Vivox Voice ActiveX Object 1.0.10.1933
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Allied Intent Xtended" = Allied Intent Xtended 2.0
"avast!" = avast! Antivirus
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"Defraggler" = Defraggler
"DVD Flick_is1" = DVD Flick 1.3.0.6
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mumble(PR Edition)" = Mumble(PR edition) and Murmur(PR edition)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OfficeTrial" = Microsoft Office Standard Edition 2003 60 days trial
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Project Reality Full - Part 1 of 2_is1" = Project Reality 0909 Full - Part 1 of 2
"Project Reality Full - Part 2 of 2_is1" = Project Reality 0909 Full - Part 2 of 2
"PunkBusterSvc" = PunkBuster Services
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ST6UNST #1" = StarForge
"Starcraft" = Starcraft
"Steam App 12900" = Audiosurf
"Steam App 17520" = Synergy
"Steam App 215" = Source SDK Base
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 220" = Half-Life 2
"Steam App 22100" = Mount and Blade
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 33920" = ARMA II Demo
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (Compaq_Owner)
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2/25/2009 6:50:12 PM | Computer Name = JOEY-D0F670B45A | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_GetFile Error 2.

Error - 2/25/2009 6:50:12 PM | Computer Name = JOEY-D0F670B45A | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestGetFile Error 2.

Error - 2/25/2009 6:50:12 PM | Computer Name = JOEY-D0F670B45A | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::ExtractSelectedFiles()
chestGetFile() failed: 2.

Error - 9/24/2009 5:01:37 PM | Computer Name = JOEY-D0F670B45A | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Unhandled exception in AavmProviderStop
[Inner], MAIL.

Error - 9/24/2009 5:01:55 PM | Computer Name = JOEY-D0F670B45A | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Unhandled exception in AavmProviderStop
[Inner], STANDARD.

Error - 11/5/2009 6:02:21 AM | Computer Name = JOEY-D0F670B45A | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.youtube.c...p...;hl=en&hd=1
failed, 0000A413.

Error - 11/5/2009 6:26:32 AM | Computer Name = JOEY-D0F670B45A | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://suggestquerie...te/...ay o&cp=6
failed, 0000A413.

Error - 11/5/2009 11:11:01 PM | Computer Name = JOEY-D0F670B45A | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://suggestquerie.../...nthes&cp=15
failed, 0000A413.

Error - 11/6/2009 5:01:23 AM | Computer Name = JOEY-D0F670B45A | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://suggestquerie.../...rds.c&cp=11
failed, 0000A413.

Error - 11/6/2009 5:15:03 AM | Computer Name = JOEY-D0F670B45A | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://fim.adnxs.com...b=1257498903265
failed, 0000A413.

[ Application Events ]
Error - 3/8/2010 5:25:43 AM | Computer Name = JOEY-D0F670B45A | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18876, fault address 0x000d676b.

Error - 3/11/2010 1:38:08 AM | Computer Name = JOEY-D0F670B45A | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/13/2010 3:44:33 AM | Computer Name = JOEY-D0F670B45A | Source = Application Error | ID = 1000
Description = Faulting application arma2demo.exe, version 1.2.0.58127, faulting
module arma2demo.exe, version 1.2.0.58127, fault address 0x004b592f.

Error - 3/13/2010 8:51:28 PM | Computer Name = JOEY-D0F670B45A | Source = Application Error | ID = 1000
Description = Faulting application arma2demo.exe, version 1.2.0.58127, faulting
module arma2demo.exe, version 1.2.0.58127, fault address 0x00164957.

Error - 3/14/2010 9:25:53 PM | Computer Name = JOEY-D0F670B45A | Source = Application Error | ID = 1000
Description = Faulting application questviewer.exe, version 0.0.0.0, faulting module
http_fetch_unicode.dll, version 0.0.0.0, fault address 0x000020a4.

Error - 3/14/2010 9:28:23 PM | Computer Name = JOEY-D0F670B45A | Source = Application Error | ID = 1000
Description = Faulting application questviewer.exe, version 0.0.0.0, faulting module
http_fetch_unicode.dll, version 0.0.0.0, fault address 0x000020a4.

Error - 3/14/2010 9:54:43 PM | Computer Name = JOEY-D0F670B45A | Source = Application Error | ID = 1000
Description = Faulting application questviewer.exe, version 0.0.0.0, faulting module
http_fetch_unicode.dll, version 0.0.0.0, fault address 0x000020a4.

Error - 3/25/2010 10:23:56 PM | Computer Name = JOEY-D0F670B45A | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/3/2010 10:53:45 PM | Computer Name = JOEY-D0F670B45A | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/3/2010 10:53:45 PM | Computer Name = JOEY-D0F670B45A | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/3/2010 10:01:12 PM | Computer Name = JOEY-D0F670B45A | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 4/3/2010 10:01:12 PM | Computer Name = JOEY-D0F670B45A | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 4/3/2010 10:01:12 PM | Computer Name = JOEY-D0F670B45A | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 4/3/2010 10:01:12 PM | Computer Name = JOEY-D0F670B45A | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 4/3/2010 10:01:12 PM | Computer Name = JOEY-D0F670B45A | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD AmdK8 aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL
sptd
Tcpip

Error - 4/3/2010 10:01:17 PM | Computer Name = JOEY-D0F670B45A | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 4/3/2010 10:01:25 PM | Computer Name = JOEY-D0F670B45A | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/3/2010 10:03:00 PM | Computer Name = JOEY-D0F670B45A | Source = Service Control Manager | ID = 7000
Description = The NTPort Library Driver service failed to start due to the following
error: %%2

Error - 4/3/2010 10:31:52 PM | Computer Name = JOEY-D0F670B45A | Source = Service Control Manager | ID = 7000
Description = The NTPort Library Driver service failed to start due to the following
error: %%2

Error - 4/3/2010 10:31:58 PM | Computer Name = JOEY-D0F670B45A | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde ViaIde

< End of report >

Attached Files

OTL.Txt 73KB 114 downloads
Extras.Txt 57.59KB 186 downloads

Edited by Gammo, 04 April 2010 - 04:28 AM.
Included logs - do not attach them please

#3
Gammo

Posted 04 April 2010 - 05:19 AM

Member 2k

Malware Removal
2,299 posts

Hi ,

Welcome to Geeks to Go! My name is Gammo and I will be helping you fix your computer problem.
If for any reason you do not understand any of the instructions, or are just unsure then please do not guess, simply post back with your question, and we will go through it again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O20 - AppInit_DLLs: (kefuyave.dll) - File not found
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
[2010/04/03 21:40:55 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\molezuku
[69 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

:Services

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\explorer.exe"=-

:Files
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\IMVU
C:\Documents and Settings\Compaq_Owner\Application Data\IMVU

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

#4
DarkPhase

Posted 04 April 2010 - 03:04 PM

Member

Topic Starter
Member
56 posts

I noticed you had it delete something related to IMVU, That was some terrible game i played way back in the day (3-4 years ago) and i don't think it's related to the current issue.

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:kefuyave.dll deleted successfully.
D:\AUTOEXEC.BAT moved successfully.
File C:\WINDOWS\System32\molezuku not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\is-HEL83.tmp deleted successfully.
C:\WINDOWS\System32\SET15A.tmp deleted successfully.
C:\WINDOWS\System32\SET598.tmp deleted successfully.
C:\WINDOWS\System32\SET599.tmp deleted successfully.
C:\WINDOWS\System32\SET59A.tmp deleted successfully.
C:\WINDOWS\System32\SET5AA.tmp deleted successfully.
C:\WINDOWS\System32\SET5AB.tmp deleted successfully.
C:\WINDOWS\System32\SET5AC.tmp deleted successfully.
C:\WINDOWS\System32\SET5B9.tmp deleted successfully.
C:\WINDOWS\System32\SET5BA.tmp deleted successfully.
C:\WINDOWS\System32\SET5BF.tmp deleted successfully.
C:\WINDOWS\System32\SET5C0.tmp deleted successfully.
C:\WINDOWS\System32\SET5CA.tmp deleted successfully.
C:\WINDOWS\System32\SET5DD.tmp deleted successfully.
C:\WINDOWS\System32\SET5E7.tmp deleted successfully.
C:\WINDOWS\System32\SET5EA.tmp deleted successfully.
C:\WINDOWS\System32\SET669.tmp deleted successfully.
C:\WINDOWS\System32\SET670.tmp deleted successfully.
C:\WINDOWS\System32\SET679.tmp deleted successfully.
C:\WINDOWS\System32\SET67A.tmp deleted successfully.
C:\WINDOWS\System32\SET682.tmp deleted successfully.
C:\WINDOWS\System32\SET683.tmp deleted successfully.
C:\WINDOWS\System32\SET68C.tmp deleted successfully.
C:\WINDOWS\System32\SET68F.tmp deleted successfully.
C:\WINDOWS\System32\SET693.tmp deleted successfully.
C:\WINDOWS\System32\SET694.tmp deleted successfully.
C:\WINDOWS\System32\SET69B.tmp deleted successfully.
C:\WINDOWS\System32\SET69C.tmp deleted successfully.
C:\WINDOWS\System32\SET6B0.tmp deleted successfully.
C:\WINDOWS\System32\SET6B3.tmp deleted successfully.
C:\WINDOWS\System32\SET6BB.tmp deleted successfully.
C:\WINDOWS\System32\SET6BC.tmp deleted successfully.
C:\WINDOWS\System32\SET6C3.tmp deleted successfully.
C:\WINDOWS\System32\SET6C4.tmp deleted successfully.
C:\WINDOWS\System32\SET6EB.tmp deleted successfully.
C:\WINDOWS\System32\SET6EE.tmp deleted successfully.
C:\WINDOWS\System32\SET6F1.tmp deleted successfully.
C:\WINDOWS\System32\SET6F5.tmp deleted successfully.
C:\WINDOWS\System32\SET6F8.tmp deleted successfully.
C:\WINDOWS\System32\SET6FA.tmp deleted successfully.
C:\WINDOWS\System32\SET6FF.tmp deleted successfully.
C:\WINDOWS\System32\SET706.tmp deleted successfully.
C:\WINDOWS\System32\SET710.tmp deleted successfully.
C:\WINDOWS\System32\SET713.tmp deleted successfully.
C:\WINDOWS\System32\SET737.tmp deleted successfully.
C:\WINDOWS\System32\SET73A.tmp deleted successfully.
C:\WINDOWS\System32\SET741.tmp deleted successfully.
C:\WINDOWS\System32\SET744.tmp deleted successfully.
C:\WINDOWS\System32\SET74C.tmp deleted successfully.
C:\WINDOWS\System32\SET751.tmp deleted successfully.
C:\WINDOWS\System32\SET755.tmp deleted successfully.
C:\WINDOWS\System32\SET758.tmp deleted successfully.
C:\WINDOWS\System32\SET75B.tmp deleted successfully.
C:\WINDOWS\System32\SET75C.tmp deleted successfully.
C:\WINDOWS\System32\SET75D.tmp deleted successfully.
C:\WINDOWS\System32\SET75E.tmp deleted successfully.
C:\WINDOWS\System32\SET763.tmp deleted successfully.
C:\WINDOWS\System32\SET76B.tmp deleted successfully.
C:\WINDOWS\System32\SET76D.tmp deleted successfully.
C:\WINDOWS\System32\SET783.tmp deleted successfully.
C:\WINDOWS\System32\SET78C.tmp deleted successfully.
C:\WINDOWS\System32\SET791.tmp deleted successfully.
C:\WINDOWS\System32\SET792.tmp deleted successfully.
C:\WINDOWS\System32\SET793.tmp deleted successfully.
C:\WINDOWS\System32\SET794.tmp deleted successfully.
C:\WINDOWS\System32\SET795.tmp deleted successfully.
C:\WINDOWS\System32\SET7AA.tmp deleted successfully.
C:\WINDOWS\System32\SET7AD.tmp deleted successfully.
C:\WINDOWS\002808_.tmp deleted successfully.
C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\System32\dllcache\SET66B.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET672.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET695.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET696.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET697.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET69D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET69E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET69F.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET74D.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET74E.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET752.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET753.tmp deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\explorer.exe deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\IMVU not found.
C:\Documents and Settings\Compaq_Owner\Application Data\IMVU\ProductFiles folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\IMVU\avpics folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\IMVU folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Compaq_Owner
->Temp folder emptied: 4590291 bytes
->Temporary Internet Files folder emptied: 97215370 bytes
->Java cache emptied: 173543380 bytes
->FireFox cache emptied: 83992676 bytes
->Flash cache emptied: 3869947 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 112094 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83064 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 891140 bytes

Total Files Cleaned = 348.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Compaq_Owner
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (64424509440)
Error: Unable to interpret <[reboot> in the current context!

OTL by OldTimer - Version 3.2.1.0 log created on 04042010_165348

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\4XYWCH7E\ef=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[1].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DFROZEN%2520METAL%2520MAN not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_604.dat not found!

Registry entries deleted on Reboot...

Attached Files

ESETLOG.txt 302bytes 120 downloads

Edited by DarkPhase, 04 April 2010 - 08:50 PM.

#5
Gammo

Posted 05 April 2010 - 04:53 AM

Member 2k

Malware Removal
2,299 posts

Hi,

Your logs appears to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections.

Download OTC to your desktop and run it
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

Select Start > All Programs > Accessories > System tools > System Restore.
On the dialogue box that appears select Create a Restore Point
Click NEXT
Enter a name e.g. Clean
Click CREATE

You now have a clean restore point, to get rid of the bad ones:

Select Start > All Programs > Accessories > System tools > Disk Cleanup.
In the Drop down box that appears select your main drive e.g. C
Click OK
The System will do some calculation and the display a dialogue box with TABS
Select the More Options Tab.
At the bottom will be a system restore box with a CLEANUP button click this
Accept the Warning and select OK again, the program will close and you are done

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Firefox and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.

A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
SpywareBlaster to help prevent spyware from installing in the first place.
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo

#6
Gammo

Posted 09 April 2010 - 08:58 AM

Member 2k

Malware Removal
2,299 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.