
Please Help Me!


  • This topic is locked

#1
thebeliever1984

  • Member
  • 10 posts
Hello everyone, hope you're having a great Christmas season :-)

I have a strange issue I want to get rid of soon. The issue is that every time I go online and turn on my speakers, I start getting strange, inappropriate radio stations through my speakers. This only happens when I'm online. I went to Spyware Asylum and ran a full scan, but my problem still is not fixed. I ran HijackThis and I have the log, but I don't know what files to delete because I don't know which one is infected. Please help me out; I have some important guests coming to dinner tonight and I really don't want to be embarrassed. I know that's nobody's problem but mine, but I was hoping you could help me out. Thanks :-)

Here's my log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:36:44 PM, on 12/28/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ladner\Application Data\air\mute\1.0.0.0\explorer.exe
C:\Documents and Settings\ladner\My Documents\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [mute] C:\Documents and Settings\ladner\Application Data\air\mute\1.0.0.0\updater.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

Edited by thebeliever1984, 28 December 2010 - 03:56 PM.

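The HijackThis log above is read by eye in this thread. As an added illustration (not part of the original post, and not HijackThis's own code), the Python script below applies two of the checks a helper makes when reading such a log: a Windows system binary name (explorer.exe, winlogon.exe, svchost.exe and so on) running from outside the Windows directory, and an autostart entry or process that points into a user-writable profile path. The sample log lines are constructed from entries in the log above; the Windows directory is assumed to be C:\WINDOWS, as the paths in the log indicate, and the list of system binary names is the script's own.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in HijackThis 2.0.4 format, built from entries seen in the log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\ladner\Application Data\air\mute\1.0.0.0\explorer.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [mute] C:\Documents and Settings\ladner\Application Data\air\mute\1.0.0.0\updater.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
"""

# Core Windows binary names (script's own list): one of these living outside the
# Windows directory is a classic masquerade, as with explorer.exe in Application Data above.
SYSTEM_BINARIES = {"explorer.exe", "winlogon.exe", "svchost.exe", "userinit.exe",
                   "lsass.exe", "services.exe", "csrss.exe", "smss.exe"}
# Assumed Windows directory for this machine, taken from the paths in the log.
WINDOWS_DIR_PREFIXES = ("c:\\windows\\", "%systemroot%\\")
# Path fragments that mark user-writable profile locations on Windows XP.
PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\",
                   "\\local settings\\", "\\temp\\")

O4_RE = re.compile(r"^O4 - (?P<hive>[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+) - (?P<path>[A-Za-z]:\\.+)$")


def extract_exe(cmd):
    """Pull the executable path out of a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def assess_path(path):
    """Return the reasons an executable path deserves a closer look (empty list if none)."""
    low = path.strip().lower()
    if "\\" not in low:
        return ["bare filename, resolved through the search path at logon"]
    reasons = []
    name = PureWindowsPath(low).name
    if name in SYSTEM_BINARIES and not low.startswith(WINDOWS_DIR_PREFIXES):
        reasons.append(f"{name} is a Windows system binary name but lives outside the Windows directory")
    if any(marker in low for marker in PROFILE_MARKERS):
        reasons.append("runs from a user-writable profile location")
    return reasons


def triage(log_text):
    """Walk a HijackThis log; return [(entry, path, reasons)] for entries worth checking."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            entry, path = "running process", line
        else:
            m4 = O4_RE.match(line)
            m23 = O23_RE.match(line)
            if m4:
                entry, path = f"O4 {m4['hive']} Run [{m4['name']}]", extract_exe(m4["cmd"])
            elif m23:
                entry, path = f"O23 service: {m23['desc']}", m23["path"]
            else:
                continue  # other sections (R0/R1, O2, O16...) are not examined here
        reasons = assess_path(path)
        if reasons:
            findings.append((entry, path, reasons))
    return findings


if __name__ == "__main__":
    for entry, path, reasons in triage(SAMPLE_LOG):
        print(f"{entry}\n    {path}")
        for r in reasons:
            print(f"      - {r}")
```

Run against the sample, it reports the explorer.exe process in Application Data (two reasons), the bare `SOUNDMAN.EXE` entry (which is a legitimate Realtek item, flagged only because a bare name is resolved by search order), and the `[mute]` updater in the same Application Data folder. The script only ranks entries for a human to look at; it deletes nothing.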


#2
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi there, I have two programmes for you to run

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window similar to this should open on your desktop:

    Posted Image

  • If you are prompted with options, enter N at the prompt and press Enter
  • Press Enter again
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please post the contents of that file.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

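The `/md5start ... /md5stop` section of that custom scan makes OTL list every copy of the named files with its MD5, so that a replaced or patched copy stands out against the cached originals Windows XP keeps. As an added example (not OTL's code, and not from Essexboy's post), the Python script below does the same job on a directory tree: it finds every copy of explorer.exe, winlogon.exe, userinit.exe and svchost.exe, hashes them, and flags copies that sit outside a Windows directory or whose MD5 differs from a reference copy under ServicePackFiles or dllcache. The directory layout and file contents are constructed placeholders written into a temporary folder; on a real machine the root would be the system drive.

```python
import hashlib
import os
import tempfile
from collections import defaultdict
from pathlib import Path

# File names the OTL custom scan above asks to hash (/md5start ... /md5stop).
WATCHED_NAMES = ("explorer.exe", "winlogon.exe", "userinit.exe", "svchost.exe")
# Directory names under which Windows XP keeps cached, known-good copies of system files.
REFERENCE_DIRS = ("servicepackfiles", "dllcache")

# Constructed sample tree: stand-in byte strings, not real binaries. It mirrors the
# machine in this thread, including an explorer.exe under Application Data.
SAMPLE_TREE = {
    "WINDOWS/explorer.exe": b"explorer-good",
    "WINDOWS/ServicePackFiles/i386/explorer.exe": b"explorer-good",
    "WINDOWS/system32/winlogon.exe": b"winlogon-good",
    "WINDOWS/ServicePackFiles/i386/winlogon.exe": b"winlogon-good",
    "WINDOWS/system32/svchost.exe": b"svchost-patched",
    "WINDOWS/ServicePackFiles/i386/svchost.exe": b"svchost-good",
    "Documents and Settings/ladner/Application Data/air/mute/1.0.0.0/explorer.exe": b"not-explorer",
}


def md5_of(path):
    """MD5 of a file, read in chunks; this is the digest OTL prints for each copy."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 16), b""):
            digest.update(block)
    return digest.hexdigest()


def find_copies(root, names=WATCHED_NAMES):
    """Return {lowercased name: [(path, md5), ...]} for every copy of the watched names under root."""
    wanted = {n.lower() for n in names}
    copies = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                full = Path(dirpath) / fn
                copies[fn.lower()].append((str(full), md5_of(full)))
    return dict(copies)


def _parts(path):
    return [p.lower() for p in Path(path).parts]


def review_copies(copies):
    """Flag copies that live outside a Windows directory, or whose hash differs from a
    cached reference copy of the same name. Returns [(path, [reasons]), ...]."""
    findings = []
    for name, entries in copies.items():
        reference = {digest for path, digest in entries
                     if any(d in _parts(path) for d in REFERENCE_DIRS)}
        for path, digest in entries:
            parts = _parts(path)
            is_reference = any(d in parts for d in REFERENCE_DIRS)
            reasons = []
            if "windows" not in parts:
                reasons.append(f"{name} found outside the Windows directory")
            if reference and not is_reference and digest not in reference:
                reasons.append(f"MD5 {digest} differs from the cached reference copy")
            if reasons:
                findings.append((path, reasons))
    return findings


def build_sample_tree(root):
    """Write the constructed SAMPLE_TREE under root."""
    for rel, content in SAMPLE_TREE.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)


def demo():
    """Build the sample tree in a temporary folder and return the review findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return review_copies(find_copies(root))


if __name__ == "__main__":
    for path, reasons in demo():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample tree two copies are reported: system32\svchost.exe, whose hash no longer matches the ServicePackFiles copy, and the explorer.exe under Application Data, which is both outside the Windows directory and unlike the real one. A hash mismatch on its own is not proof of tampering (a hotfix can update the live copy without touching the cache), which is why the helper in the thread asks for the list rather than acting on it automatically.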

#3
thebeliever1984

  • Topic Starter
  • Member
  • 10 posts
Alright man, I did everything you listed. Here is the text file for MBRCheck, and the OTL.Txt and Extras.Txt logs. I guess you will tell me where to go from here. Thanks for all the help :D


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 126):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EC000 \WINDOWS\system32\hal.dll
0xF9A8D000 \WINDOWS\system32\KDCOM.DLL
0xF999D000 \WINDOWS\system32\BOOTVID.dll
0xF958D000 dnax.sys
0xF953E000 ACPI.sys
0xF9A8F000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF952D000 pci.sys
0xF959D000 isapnp.sys
0xF9B55000 pciide.sys
0xF980D000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF95AD000 MountMgr.sys
0xF950E000 ftdisk.sys
0xF9A91000 dmload.sys
0xF94E8000 dmio.sys
0xF9815000 PartMgr.sys
0xF95BD000 VolSnap.sys
0xF94D0000 atapi.sys
0xF95CD000 disk.sys
0xF95DD000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF94B1000 fltmgr.sys
0xF949F000 sr.sys
0xF95ED000 PxHelp20.sys
0xF9488000 KSecDD.sys
0xF93FB000 Ntfs.sys
0xF93CE000 NDIS.sys
0xF93B3000 Mup.sys
0xF973D000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF92A6000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF9292000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF98CD000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF926F000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF98D5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF974D000 \SystemRoot\System32\DRIVERS\AN983.sys
0xF9239000 \SystemRoot\System32\DRIVERS\HSFBS2S2.sys
0xF9216000 \SystemRoot\System32\DRIVERS\ks.sys
0xF9117000 \SystemRoot\System32\DRIVERS\HSFDPSP2.sys
0xF906F000 \SystemRoot\System32\DRIVERS\HSFCXTS2.sys
0xF98DD000 \SystemRoot\System32\Drivers\Modem.SYS
0xF98E5000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF975D000 \SystemRoot\System32\DRIVERS\serial.sys
0xF9A51000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF905B000 \SystemRoot\System32\DRIVERS\parport.sys
0xF976D000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF98ED000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF977D000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF978D000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF979D000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF8E25000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF8E01000 \SystemRoot\system32\drivers\portcls.sys
0xF97AD000 \SystemRoot\system32\drivers\drmk.sys
0xF9B6A000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF97BD000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF9A59000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF8DEA000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF97CD000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF97DD000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF98F5000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF8DD9000 \SystemRoot\System32\DRIVERS\psched.sys
0xF97ED000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF98FD000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF9905000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF8D08000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF97FD000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF990D000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF9AA9000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF8CD4000 \SystemRoot\System32\DRIVERS\update.sys
0xF9A75000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF964D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF966D000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF9AAB000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF9945000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF9AAD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF9BB5000 \SystemRoot\System32\Drivers\Null.SYS
0xF9AAF000 \SystemRoot\System32\Drivers\Beep.SYS
0xF9955000 \SystemRoot\System32\drivers\vga.sys
0xF9AB1000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF9AB3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF995D000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF9965000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF9A29000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF0B63000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF0B0B000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF0AF6000 \SystemRoot\system32\drivers\bckd.sys
0xF0AA6000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF0A84000 \SystemRoot\System32\drivers\afd.sys
0xF968D000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF09B8000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF0949000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF96AD000 \SystemRoot\System32\Drivers\Fips.SYS
0xF0928000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF96BD000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF996D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF971D000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF02D9000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF9ABD000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8C7D000 \SystemRoot\System32\drivers\Dxapi.sys
0xF9985000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF9CCB000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF03F000 \SystemRoot\System32\ialmdev5.DLL
0xBF06B000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF01F1000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xEFF7C000 \SystemRoot\system32\drivers\wdmaud.sys
0xF00F9000 \SystemRoot\system32\drivers\sysaudio.sys
0xEFC58000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF9B2D000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEFC11000 \SystemRoot\System32\DRIVERS\HSF_FALL.sys
0xEFBF4000 \SystemRoot\System32\DRIVERS\HSF_FSKS.sys
0xEFB44000 \SystemRoot\System32\DRIVERS\HSF_K56K.sys
0xEFD45000 \SystemRoot\System32\DRIVERS\mdmxsdk.sys
0xEFAEB000 \SystemRoot\System32\DRIVERS\HSF_FAXX.sys
0xEFFE9000 \SystemRoot\System32\DRIVERS\HSF_TONE.sys
0xEFA73000 \SystemRoot\System32\DRIVERS\HSF_V124.sys
0xEF9F4000 \SystemRoot\System32\DRIVERS\srv.sys
0xEF641000 \SystemRoot\System32\Drivers\HTTP.sys
0xEF2AC000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEF18C000 \SystemRoot\system32\drivers\kmixer.sys
0xEF619000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xEF246000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xEFD61000 \SystemRoot\System32\DRIVERS\mouhid.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 31):
0 System Idle Process
4 System
452 C:\WINDOWS\system32\smss.exe
500 csrss.exe
524 C:\WINDOWS\system32\winlogon.exe
568 C:\WINDOWS\system32\services.exe
580 C:\WINDOWS\system32\lsass.exe
732 C:\WINDOWS\system32\svchost.exe
788 svchost.exe
852 C:\WINDOWS\system32\svchost.exe
900 svchost.exe
956 svchost.exe
1228 C:\WINDOWS\system32\spoolsv.exe
1436 C:\WINDOWS\system32\WgaTray.exe
1456 C:\WINDOWS\explorer.exe
1628 svchost.exe
1668 C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
1896 C:\WINDOWS\system32\igfxtray.exe
1904 C:\WINDOWS\system32\hkcmd.exe
1968 C:\WINDOWS\SOUNDMAN.EXE
2040 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
132 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
232 C:\WINDOWS\system32\ctfmon.exe
1924 C:\WINDOWS\system32\wscntfy.exe
2244 alg.exe
2652 C:\Documents and Settings\ladner\Application Data\air\mute\1.0.0.0\explorer.exe
3108 C:\WINDOWS\system32\wuauclt.exe
3556 C:\WINDOWS\system32\sndvol32.exe
2596 C:\Program Files\Internet Explorer\iexplore.exe
2308 C:\Program Files\Internet Explorer\iexplore.exe
708 C:\Documents and Settings\ladner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD400EB-00JEF0, Rev: 13.03G13

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


OTL logfile created on: 12/29/2010 12:24:10 AM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\ladner\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 26.00 Mb Available Physical Memory | 11.00% Memory free
859.00 Mb Paging File | 417.00 Mb Available in Paging File | 49.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 21.62 Gb Free Space | 58.02% Space Free | Partition Type: NTFS

Computer Name: FLIALUGO-PC | User Name: ladner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/29 00:22:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ladner\Desktop\OTL.exe
PRC - [2010/12/20 16:00:38 | 000,024,064 | ---- | M] (air) -- C:\Documents and Settings\ladner\Application Data\air\mute\1.0.0.0\explorer.exe
PRC - [2010/06/02 19:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/12/11 17:52:52 | 001,078,632 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2009/03/10 21:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2006/04/01 00:33:14 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/29 00:22:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ladner\Desktop\OTL.exe
MOD - [2004/08/03 23:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009/12/11 17:52:52 | 001,078,632 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\catchme.sys -- (catchme)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/11 17:52:52 | 000,074,088 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bckd.sys -- (bckd)
DRV - [2006/12/13 16:52:50 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/04/01 00:33:02 | 002,314,560 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 21:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/08/17 08:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 08:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 08:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 08:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 08:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 08:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 08:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 08:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 08:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1417001333-1645522239-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1417001333-1645522239-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1417001333-1645522239-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.microsoft...r=6&ar=msnhome"


[2009/10/24 15:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ladner\Application Data\Mozilla\Extensions
[2010/09/01 12:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ladner\Application Data\Mozilla\Firefox\Profiles\0yhlane2.default\extensions

O1 HOSTS File: ([2010/12/24 22:49:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1417001333-1645522239-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [mute] C:\Documents and Settings\ladner\Application Data\air\mute\1.0.0.0\updater.exe (air)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1417001333-1645522239-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-1645522239-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1417001333-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1417001333-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1417001333-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ladner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ladner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/22 21:18:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56590081070202880)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/29 00:20:26 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ladner\Desktop\OTL.exe
[2010/12/27 19:54:48 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/12/26 01:42:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/26 01:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/12/26 01:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/26 01:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ladner\Application Data\Sun
[2010/12/26 00:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/12/25 15:44:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/12/24 22:54:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/12/24 22:39:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/24 22:35:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/24 22:35:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/24 22:35:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/24 22:35:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/24 22:33:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/24 22:32:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/24 20:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ladner\Application Data\Malwarebytes
[2010/12/24 20:38:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/24 20:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/24 20:38:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/24 20:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/12 21:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ladner\Application Data\AVG10
[2010/12/12 21:22:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/12 20:56:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/12 20:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/12/12 20:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/12 20:29:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\ladner\My Documents\HiJackThis.exe
[2010/12/12 20:26:11 | 000,366,998 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ladner\My Documents\mbam-setup-1.50.0.0.exe
[2010/12/10 20:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ladner\Application Data\air
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/29 00:29:25 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/29 00:22:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ladner\Desktop\OTL.exe
[2010/12/29 00:11:55 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\ladner\Desktop\MBRCheck.exe
[2010/12/28 17:59:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/28 17:58:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/28 17:58:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/26 17:37:56 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\ladner\Desktop\Microsoft Office Word 2007.lnk
[2010/12/24 22:49:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/24 22:39:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/12/24 20:39:01 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\ladner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/24 20:39:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/12 20:29:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\ladner\My Documents\HiJackThis.exe
[2010/12/12 20:27:28 | 000,366,998 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ladner\My Documents\mbam-setup-1.50.0.0.exe
[2010/12/04 15:56:54 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\ladner\My Documents\My Resume 2010.doc
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/28 23:59:16 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\ladner\Desktop\MBRCheck.exe
[2010/12/24 22:39:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/24 22:39:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/24 22:35:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/24 22:35:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/24 22:35:51 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/24 22:35:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/24 22:35:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/24 20:39:01 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\ladner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/24 20:39:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/04 15:56:53 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\ladner\My Documents\My Resume 2010.doc
[2010/10/01 16:51:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/07/13 23:22:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/09/04 01:21:08 | 000,003,967 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/14 17:27:08 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\ladner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/23 08:34:36 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/07/22 15:55:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/08/23 10:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2001/08/23 10:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2001/08/23 10:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2001/08/23 10:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2001/08/23 10:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2001/08/23 10:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010/12/16 19:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/11 00:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/12/12 21:22:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/12 20:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/07/13 23:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2010/07/13 23:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2010/12/10 20:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ladner\Application Data\air
[2010/12/12 21:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ladner\Application Data\AVG10
[2010/09/17 11:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ladner\Application Data\W Photo Studio
[2010/09/04 23:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ladner\Application Data\W Photo Studio Viewer
[2009/12/04 22:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ladner\Application Data\Walgreens

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2001/08/23 10:00:00 | 001,000,960 | ---- | M] (Microsoft Corporation) MD5=5A26FC6010886D25B3E412493DD95ED8 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2010/12/20 16:00:38 | 000,024,064 | ---- | M] (air) MD5=F1745E628E1C9334337E8D328A8164F1 -- C:\Documents and Settings\ladner\Application Data\air\mute\1.0.0.0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2001/08/23 10:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2004/08/03 23:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004/08/03 23:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004/08/03 23:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2001/08/23 10:00:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=585398603F570F9705774D65D292E5D1 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2001/08/23 10:00:00 | 000,430,080 | ---- | M] (Microsoft Corporation) MD5=2B0E480E975EE51F2D5CE5F068FED6E2 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe

< %systemroot%\*. /mp /s >

OTL Extras logfile created on: 12/29/2010 12:24:10 AM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\ladner\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 26.00 Mb Available Physical Memory | 11.00% Memory free
859.00 Mb Paging File | 417.00 Mb Available in Paging File | 49.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 21.62 Gb Free Space | 58.02% Space Free | Partition Type: NTFS

Computer Name: FLIALUGO-PC | User Name: ladner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1417001333-1645522239-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Blue Coat K9 Web Protection\uninst.exe" = C:\Program Files\Blue Coat K9 Web Protection\uninst.exe:*:Enabled:Uninstall Blue Coat K9 Web Protection -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0010-0C0A-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Spanish) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_STANDARD_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_STANDARD_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_STANDARD_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_STANDARD_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_STANDARD_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_STANDARD_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_STANDARD_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Blue Coat K9 Web Protection" = Blue Coat® K9 Web Protection 4.0.296
"DivX Setup.divx.com" = DivX Setup
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"STANDARD" = Microsoft Office Standard 2007
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1417001333-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/8/2010 12:40:11 PM | Computer Name = FLIALUGO-PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/8/2010 12:40:11 PM | Computer Name = FLIALUGO-PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/8/2010 12:40:11 PM | Computer Name = FLIALUGO-PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/8/2010 12:40:11 PM | Computer Name = FLIALUGO-PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/11/2010 9:24:05 PM | Computer Name = FLIALUGO-PC | Source = Google Update | ID = 20
Description =

Error - 10/12/2010 1:15:52 AM | Computer Name = FLIALUGO-PC | Source = Application Error | ID = 1000
Description = Faulting application divxupdate.exe, version 1.0.1.10, faulting module
msvcp80.dll, version 8.0.50727.4053, fault address 0x000100b5.

Error - 10/12/2010 1:16:03 AM | Computer Name = FLIALUGO-PC | Source = Application Error | ID = 1001
Description = Fault bucket 1895381466.

Error - 11/1/2010 12:42:01 AM | Computer Name = FLIALUGO-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/1/2010 12:42:10 AM | Computer Name = FLIALUGO-PC | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 11/4/2010 1:09:15 AM | Computer Name = FLIALUGO-PC | Source = Application Error | ID = 1000
Description = Faulting application divxupdate.exe, version 1.0.1.10, faulting module
msvcp80.dll, version 8.0.50727.4053, fault address 0x000100b5.

[ System Events ]
Error - 12/24/2010 8:04:51 PM | Computer Name = FLIALUGO-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.1 for the Network Card with network
address 001A7014319C has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 12/25/2010 1:31:34 PM | Computer Name = FLIALUGO-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.1 for the Network Card with network
address 001A7014319C has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 12/26/2010 12:40:05 AM | Computer Name = FLIALUGO-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.1 for the Network Card with network
address 001A7014319C has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 12/26/2010 1:21:29 PM | Computer Name = FLIALUGO-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.1 for the Network Card with network
address 001A7014319C has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 12/26/2010 1:23:33 PM | Computer Name = FLIALUGO-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 12/26/2010 6:01:13 PM | Computer Name = FLIALUGO-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.1 for the Network Card with network
address 001A7014319C has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 12/26/2010 10:14:49 PM | Computer Name = FLIALUGO-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.1 for the Network Card with network
address 001A7014319C has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 12/27/2010 8:55:43 PM | Computer Name = FLIALUGO-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.1 for the Network Card with network
address 001A7014319C has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 12/27/2010 11:13:56 PM | Computer Name = FLIALUGO-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.1 for the Network Card with network
address 001A7014319C has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 12/28/2010 2:34:11 PM | Computer Name = FLIALUGO-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.1 for the Network Card with network
address 001A7014319C has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Edited by thebeliever1984, 28 December 2010 - 11:50 PM.

  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I see you have already run ComboFix, could you post the log please?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [mute] C:\Documents and Settings\ladner\Application Data\air\mute\1.0.0.0\updater.exe (air)

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\ladner\Application Data\air

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
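Added example (not OTL's own code and not part of Essexboy's post): a small Python triage script that applies the two observations behind the fix above to OTL log lines. It flags O4 autorun entries whose target lives inside a user profile, and "MD5 for:" listings of core Windows binary names (explorer.exe, svchost.exe, userinit.exe, winlogon.exe) that sit outside %SystemRoot% or are not attributed to Microsoft Corporation. Three of the sample lines are copied from the logs posted in this thread; the IgfxTray autorun line and the regular expressions approximating OTL's line layout are constructed for this example.

```python
"""Triage helper for OTL log lines.

Added example, not part of OTL or of this thread. Encodes two checks a
helper applies by eye when reading an OTL log:
  1. an O4 autorun entry whose target lives inside a user profile
     (Documents and Settings\\<user>\\Application Data, Local Settings, Temp);
  2. an "MD5 for:" listing of a core Windows binary name that sits outside
     %SystemRoot% or is not attributed to Microsoft Corporation.
"""
import re

CORE_BINARIES = {"explorer.exe", "svchost.exe", "userinit.exe", "winlogon.exe"}

# Profile-area markers. Anything under a profile, including All Users, is
# flagged for a second look; legitimate software that lives there is rare on XP.
PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\",
                   "\\local settings\\", "\\temp\\")

# Approximation of an OTL "MD5 for:" line (constructed for this example), e.g.
# [2010/12/20 16:00:38 | 000,024,064 | ---- | M] (air) MD5=F174... -- C:\...\explorer.exe
MD5_LINE = re.compile(
    r"^\[(?P<ts>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

# Approximation of an OTL O4 autorun line (constructed for this example), e.g.
# O4 - HKLM..\Run: [mute] C:\...\updater.exe (air)
O4_LINE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>\w+):\s*\[(?P<name>[^\]]*)\]\s*"
    r"(?P<path>.+?)\s*\((?P<company>[^)]*)\)\s*$"
)


def parse_md5_line(line):
    """Return the fields of an MD5 listing line, or None if it is not one."""
    m = MD5_LINE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))
    d["md5"] = d["md5"].upper()
    return d


def parse_o4_line(line):
    """Return the fields of an O4 autorun line, or None if it is not one."""
    m = O4_LINE.match(line.strip())
    return m.groupdict() if m else None


def is_under_system_root(path, system_root="c:\\windows\\"):
    return path.lower().startswith(system_root)


def is_in_user_profile(path):
    p = path.lower()
    return any(marker in p for marker in PROFILE_MARKERS)


def triage(lines):
    """Return (rule, path) findings for the given OTL log lines, in input order."""
    findings = []
    for line in lines:
        o4 = parse_o4_line(line)
        if o4:
            if is_in_user_profile(o4["path"]):
                findings.append(("autorun-from-user-profile", o4["path"]))
            continue
        entry = parse_md5_line(line)
        if entry:
            name = entry["path"].rsplit("\\", 1)[-1].lower()
            if name in CORE_BINARIES:
                if not is_under_system_root(entry["path"]):
                    findings.append(("core-binary-outside-systemroot", entry["path"]))
                elif entry["company"].strip() != "Microsoft Corporation":
                    findings.append(("core-binary-non-microsoft", entry["path"]))
    return findings


# Sample input: three lines copied from the logs posted in this thread plus one
# constructed benign autorun line (the IgfxTray entry is made up for the example).
SAMPLE_LINES = [
    "O4 - HKLM..\\Run: [IgfxTray] C:\\WINDOWS\\system32\\igfxtray.exe (Intel Corporation)",
    "O4 - HKLM..\\Run: [mute] C:\\Documents and Settings\\ladner\\Application Data\\air\\mute\\1.0.0.0\\updater.exe (air)",
    "[2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\\WINDOWS\\explorer.exe",
    "[2010/12/20 16:00:38 | 000,024,064 | ---- | M] (air) MD5=F1745E628E1C9334337E8D328A8164F1 -- C:\\Documents and Settings\\ladner\\Application Data\\air\\mute\\1.0.0.0\\explorer.exe",
]

if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LINES):
        print(f"{rule}: {path}")
```

Run against the sample, the script reports exactly the two entries the fix above removes: the `mute` autorun under the user's Application Data folder and the `explorer.exe` copy sitting beside it with a non-Microsoft company string. The five genuine Microsoft copies of explorer.exe in the MD5 section pass both checks because they all live under C:\WINDOWS.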

#5
thebeliever1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hey Essexboy,

Here's the log from ComboFix. I went ahead and ran another scan, so that you get the most up-to-date info. I will follow your instructions and post the OTL log in my next reply. Thanks again, man :D

Here's the log:

ComboFix 10-12-28.03 - ladner 12/29/2010 15:11:11.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247.110 [GMT -5:00]
Running from: c:\documents and settings\ladner\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 )))))))))))))))))))))))))))))))
.

2010-12-28 00:54 . 2010-12-28 00:54 -------- d-----w- C:\found.000
2010-12-26 06:28 . 2010-12-26 06:28 -------- d-----w- c:\windows\Sun
2010-12-26 06:08 . 2010-12-26 06:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-26 05:58 . 2010-12-26 05:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-12-25 01:39 . 2010-12-25 01:39 -------- d-----w- c:\documents and settings\ladner\Application Data\Malwarebytes
2010-12-25 01:38 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-25 01:38 . 2010-12-25 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-25 01:38 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-25 01:38 . 2010-12-25 01:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-13 02:26 . 2010-12-13 02:26 -------- d-----w- c:\documents and settings\ladner\Application Data\AVG10
2010-12-13 02:22 . 2010-12-13 02:22 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-12-13 01:56 . 2010-12-17 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-12-13 01:54 . 2010-12-13 01:54 -------- d-----w- c:\program files\AVG
2010-12-13 01:37 . 2010-12-13 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-12-11 01:27 . 2010-12-11 01:27 -------- d-----w- c:\documents and settings\ladner\Application Data\air

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 21:49 . 2009-07-23 13:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-25_03.50.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-26 05:58 . 2010-12-26 05:58 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
+ 2010-12-26 05:58 . 2010-12-26 05:58 311248 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-08 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-04-01 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-04-01 126976]
"SoundMan"="SOUNDMAN.EXE" [2006-04-01 77824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"mute"="c:\documents and settings\ladner\Application Data\air\mute\1.0.0.0\updater.exe" [2010-12-11 24064]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Blue Coat K9 Web Protection\\uninst.exe"=

R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [12/11/2009 5:52 PM 74088]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [12/11/2009 5:52 PM 1078632]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/8/2010 2:19 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/24/2010 8:38 PM 38224]
.
Contents of the 'Scheduled Tasks' folder

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 19:19]

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 19:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-29 15:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2156)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-29 15:23:32
ComboFix-quarantined-files.txt 2010-12-29 20:23
ComboFix2.txt 2010-12-25 03:54

Pre-Run: 23,479,332,864 bytes free
Post-Run: 24,664,739,840 bytes free

- - End Of File - - E422A41FB656016954EF75B6F4FC1704
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once you have run the OTL fix, could you let me know if you still have the problem with the radio stations?
  • 0

#7
thebeliever1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Oh, and a quick question I forgot to ask you: on the OTL scan, do you still want me to check the LOP and Purity boxes, and have it on Minimal Output like before? Or do you just want me to leave it as it is?

And yes, I will let you know.

Edited by thebeliever1984, 29 December 2010 - 02:36 PM.

  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Select LOP and all users, and then run a quick scan, please.
  • 0

#9
thebeliever1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I will, thanks.
  • 0

#10
thebeliever1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OK, so I ran the fix on OTL and I ran the quick scan. I haven't heard anything through the speakers yet, so that's a good thing, but I'll be paying close attention every time I go online and I'll let you know if I hear any radio stations. Thanks a lot for the help, Essexboy :D

Here's the log from the quick scan:

OTL logfile created on: 12/29/2010 4:09:05 PM - Run 4
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\ladner\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 83.00 Mb Available Physical Memory | 34.00% Memory free
606.00 Mb Paging File | 433.00 Mb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 23.02 Gb Free Space | 61.78% Space Free | Partition Type: NTFS

Computer Name: FLIALUGO-PC | User Name: ladner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/29 00:22:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ladner\Desktop\OTL.exe
PRC - [2010/06/02 19:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/12/11 17:52:52 | 001,078,632 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2009/03/10 21:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2006/04/01 00:33:14 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/29 00:22:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ladner\Desktop\OTL.exe
MOD - [2004/08/03 23:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009/12/11 17:52:52 | 001,078,632 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ladner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/11 17:52:52 | 000,074,088 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bckd.sys -- (bckd)
DRV - [2006/12/13 16:52:50 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/04/01 00:33:02 | 002,314,560 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 21:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/08/17 08:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 08:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 08:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 08:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 08:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 08:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 08:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 08:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 08:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1417001333-1645522239-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1417001333-1645522239-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1417001333-1645522239-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.microsoft...r=6&ar=msnhome"


[2009/10/24 15:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ladner\Application Data\Mozilla\Extensions
[2010/09/01 12:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ladner\Application Data\Mozilla\Firefox\Profiles\0yhlane2.default\extensions

O1 HOSTS File: ([2010/12/29 15:59:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1417001333-1645522239-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1417001333-1645522239-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-1645522239-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1417001333-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1417001333-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1417001333-1645522239-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ladner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ladner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/22 21:18:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/29 15:45:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/29 15:44:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/29 15:23:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/12/29 00:20:26 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ladner\Desktop\OTL.exe
[2010/12/27 19:54:48 | 000,000,000 | ---D | C] -- C:\found.000
[2010/12/26 01:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/12/26 01:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/26 01:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ladner\Application Data\Sun
[2010/12/26 00:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/12/25 15:44:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/12/24 22:39:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/24 22:35:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/24 22:35:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/24 22:35:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/24 22:35:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/24 22:33:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/24 22:32:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/24 20:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ladner\Application Data\Malwarebytes
[2010/12/24 20:38:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/24 20:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/24 20:38:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/24 20:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/12 21:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ladner\Application Data\AVG10
[2010/12/12 21:22:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/12 20:56:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/12 20:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/12/12 20:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/12 20:29:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\ladner\My Documents\HiJackThis.exe
[2010/12/12 20:26:11 | 000,366,998 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ladner\My Documents\mbam-setup-1.50.0.0.exe

========== Files - Modified Within 30 Days ==========

[2010/12/29 16:06:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/29 16:06:25 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/29 16:06:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/29 15:59:07 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/12/29 15:29:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/29 00:22:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ladner\Desktop\OTL.exe
[2010/12/29 00:11:55 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\ladner\Desktop\MBRCheck.exe
[2010/12/26 17:37:56 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\ladner\Desktop\Microsoft Office Word 2007.lnk
[2010/12/24 22:39:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/12/24 20:39:01 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\ladner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/24 20:39:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/12 20:29:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\ladner\My Documents\HiJackThis.exe
[2010/12/12 20:27:28 | 000,366,998 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ladner\My Documents\mbam-setup-1.50.0.0.exe
[2010/12/04 15:56:54 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\ladner\My Documents\My Resume 2010.doc

========== Files Created - No Company Name ==========

[2010/12/28 23:59:16 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\ladner\Desktop\MBRCheck.exe
[2010/12/24 22:39:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/24 22:39:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/24 22:35:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/24 22:35:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/24 22:35:51 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/24 22:35:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/24 22:35:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/24 20:39:01 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\ladner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/12/24 20:39:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/04 15:56:53 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\ladner\My Documents\My Resume 2010.doc
[2010/10/01 16:51:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/07/13 23:22:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/09/04 01:21:08 | 000,003,967 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/14 17:27:08 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\ladner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/23 08:34:36 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/07/22 15:55:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/08/23 10:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010/12/16 19:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/11 00:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/12/12 21:22:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/12 20:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/07/13 23:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2010/07/13 23:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2010/12/12 21:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ladner\Application Data\AVG10
[2010/09/17 11:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ladner\Application Data\W Photo Studio
[2010/09/04 23:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ladner\Application Data\W Photo Studio Viewer
[2009/12/04 22:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ladner\Application Data\Walgreens

========== Purity Check ==========



< End of report >
  • 0
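An added example, not part of this thread or of OTL itself, showing how a helper triages a log in the format posted above: it parses the PRC/SRV/DRV entry lines and the O4 Run entries and flags the things a reviewer looks for, "File not found" orphans, anything loading from a Temp directory, and entries with an empty company name. The sample lines are constructed in the OTL format of this post.

```python
import re

# Constructed sample in the OTL log format used in this thread (not the full log).
SAMPLE_LOG = r"""
PRC - [2010/12/29 00:22:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ladner\Desktop\OTL.exe
PRC - [2010/06/02 19:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ladner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2006/04/01 00:33:02 | 002,314,560 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"""

# PRC/MOD/SRV/DRV lines: either "[date | size | attrs | M] (Company)" or "File not found",
# an optional "[state]" block, then "-- path" and an optional "-- (ServiceName)" tail.
ENTRY_RE = re.compile(
    r'^(?P<kind>PRC|MOD|SRV|DRV) - '
    r'(?:\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[\w-]+) \| [CM]\] '
    r'\((?P<company>[^)]*)\)|(?P<missing>File not found))'
    r'(?: \[(?P<state>[^\]]*)\])?'
    r' -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\).*)?$'
)

# O4 lines: "O4 - <hive>..\Run: [Name] path (Company)".
RUN_RE = re.compile(
    r'^(?P<kind>O4) - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] '
    r'(?P<path>.+?) \((?P<company>[^)]*)\)$'
)

# Anything started from a Temp folder deserves a second look.
TEMP_RE = re.compile(r'\\temp\\', re.IGNORECASE)


def triage_otl(log_text):
    """Return a list of (kind, reason, path) findings for the entry lines we understand."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line) or RUN_RE.match(line)
        if not m:
            continue  # other OTL sections are not handled by this example
        d = m.groupdict()
        kind, path = d["kind"], d["path"]
        if d.get("missing"):
            # A service or driver registered for a file that no longer exists.
            findings.append((kind, "file not found (orphaned entry)", path))
        if TEMP_RE.search(path):
            findings.append((kind, "loads from a Temp directory", path))
        if d.get("company") == "":
            # OTL prints "()" when the file carries no company name.
            findings.append((kind, "no company name (unverified publisher)", path))
    return findings


if __name__ == "__main__":
    for kind, reason, path in triage_otl(SAMPLE_LOG):
        print(f"{kind:3} {reason:40} {path}")
```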

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like you had something new - C:\Documents and Settings\ladner\Application Data\air\mute\1.0.0.0\updater.exe - but 'tis dead now ;)

I would recommend that you update to SP3

Looking at that I am a happy bunny ;)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :D

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN


Download and run Puran Disc Defragmenter.
For the first run I would recommend a boot defrag and disk check.
[Image: Boot defrag.jpg]
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programme:

Malwarebytes. Update and run weekly to keep your system clean.


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe ;)
  • 0

#12
thebeliever1984

    Member

  • Topic Starter
  • Member
  • 10 posts
Thanks Essexboy,

I will wait 24 hours and then follow all of your instructions. Thank God I ran into geekstogo.com, because it's a great forum with very knowledgeable techs and great customer service. Now that my problem is fixed, I will recommend you guys to people I know who may have problems with their PCs.

Thanks for all the Help man! I give you and geekstogo two thumbs up :D ;)
  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thank you for your kind words :D
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0