Please HELP me remove Microtrend Popup Grrr,,


  • This topic is locked

#1 RMW (Member, 33 posts)
I have had this problem before and so I have already installed 'hijack this' and am pasting a log sheet from that scan. I will wait for someone to read my log and suggest to me what to do next.

Sincerely - Roger Wood

Thank you so much for your help.

------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:11 PM, on 6/17/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe
C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe
C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\SelectRebates\SelectRebates.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe

#2 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Hello RMW :)

Sorry for the delay

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.


Step 1

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Things I would like to see in your reply:
  • MBAM Log
  • OTL.txt and Extras.txt

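The OTL scan requested above prints every entry in a fixed line format (O4 Run entries with the file's company string in parentheses, O33 MountPoints2 autorun handlers, and timestamped file entries with attribute flags). As an added example, not part of this thread and not OTL's own code, the following Python script pulls out of such a log the entry types a malware-removal helper usually reads first: autorun commands registered per volume, AtN.job scheduler tasks, Run entries whose company field is empty, and files with the hidden and system attributes set. The sample log lines are constructed here in OTL's format; the GUIDs, paths and names are made up. A listed entry is a lead for manual review, not a verdict: a D:\setup.exe autorun handler left by a CD, or a hidden+system C:\hiberfil.sys, will show up too.

```python
"""Triage parser for OTL-format log lines (added example; not OTL code).

Groups the entries a helper checks first. Every hit is a lead to look at
by hand, not proof of infection.
"""
import re
from dataclasses import dataclass, field

# O4 autostart entries: OTL appends the binary's company string in
# parentheses; "()" means the field was empty.
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] '
    r'(?P<path>.*?) \((?P<company>[^)]*)\)$')
# O33 per-volume autorun handler commands under MountPoints2.
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command'
    r' - "" = (?P<cmd>.+)$')
# File entries: [date time | size | attrs | C-or-M] (company) -- path
FILE_RE = re.compile(
    r'^\[(?P<ts>[\d/ :]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\] '
    r'\((?P<company>[^)]*)\) -- (?P<path>.+)$')
AT_JOB_RE = re.compile(r'\\tasks\\At\d+\.job$', re.IGNORECASE)
DRIVE_RE = re.compile(r'\b([A-Za-z]):\\')

# Constructed sample in OTL's line format (made up for this example).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Updater] C:\Documents and Settings\user\Local Settings\Temp\upd.exe ()
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
O33 - MountPoints2\{66666666-7777-8888-9999-000000000000}\Shell\AutoRun\command - "" = D:\setup.exe
[2011/06/22 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/06/22 17:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/06/22 14:20:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2007/05/31 14:52:12 | 001,102,518 | -HS- | C] () -- C:\WINDOWS\wwxbeg.ini
[2011/06/16 16:26:22 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
"""


@dataclass
class Triage:
    volume_autorun: list = field(default_factory=list)        # (guid, drive, via_rundll32, cmd)
    at_jobs: list = field(default_factory=list)               # AtN.job paths
    no_company_autostart: list = field(default_factory=list)  # (name, path)
    hidden_system_files: list = field(default_factory=list)   # paths with H and S set


def triage(log_text: str) -> Triage:
    """Classify each recognised line; lines of other types are ignored."""
    t = Triage()
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if m := MOUNT_RE.match(line):
            cmd = m.group('cmd')
            # The last drive letter in the command is the volume the handler
            # launches from; rundll32 indirection puts C: first.
            drives = DRIVE_RE.findall(cmd)
            drive = drives[-1].upper() if drives else '?'
            t.volume_autorun.append(
                (m.group('guid'), drive, 'rundll32' in cmd.lower(), cmd))
        elif m := RUN_RE.match(line):
            if m.group('company') == '':
                t.no_company_autostart.append((m.group('name'), m.group('path')))
        elif m := FILE_RE.match(line):
            path = m.group('path')
            if AT_JOB_RE.search(path):
                t.at_jobs.append(path)
            elif 'H' in m.group('attrs') and 'S' in m.group('attrs'):
                t.hidden_system_files.append(path)
    return t


def report(t: Triage):
    """Human-readable lines for the helper, one per lead."""
    out = []
    for guid, drive, via_rundll32, cmd in t.volume_autorun:
        how = ' via rundll32' if via_rundll32 else ''
        out.append(f'autorun handler {guid} launches from {drive}:{how} -> {cmd}')
    if t.at_jobs:
        out.append(f'{len(t.at_jobs)} AtN.job task(s); read their command with at.exe or schtasks')
    for name, path in t.no_company_autostart:
        out.append(f'Run entry [{name}] has an empty company field: {path}')
    for path in t.hidden_system_files:
        out.append(f'hidden+system file: {path}')
    return out


if __name__ == '__main__':
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

The script deliberately separates parsing from judgement: the regexes only recover what OTL printed, and report() just lists leads, so it can be pointed at a full OTL.txt without producing any "infected" claim the log itself does not support.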

#3 RMW (Topic Starter, Member, 33 posts)
Here they are:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6923

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/22/2011 5:27:07 PM
mbam-log-2011-06-22 (17-27-07).txt

Scan type: Quick scan
Objects scanned: 220420
Time elapsed: 30 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 6/22/2011 8:29:36 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.29 Mb Total Physical Memory | 395.60 Mb Available Physical Memory | 38.96% Memory free
2.38 Gb Paging File | 1.47 Gb Available in Paging File | 61.77% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.07 Gb Total Space | 4.46 Gb Free Space | 3.14% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 2.56 Gb Free Space | 36.76% Space Free | Partition Type: FAT32

Computer Name: YOUR-4F1261A8E5 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/22 20:21:38 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/01/25 14:30:38 | 000,045,992 | ---- | M] (Qwest Communications) -- C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe
PRC - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
PRC - [2010/01/16 14:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
PRC - [2010/01/16 14:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
PRC - [2010/01/16 14:30:02 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/18 14:58:34 | 001,064,808 | ---- | M] () -- C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe
PRC - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2005/02/16 15:17:00 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
PRC - [2005/02/16 15:15:36 | 001,187,840 | ---- | M] (InterMute, Inc.) -- C:\Program Files\InterMute\SpySubtract\SpySub.exe
PRC - [2005/02/16 14:54:35 | 000,241,777 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
PRC - [2005/02/16 14:54:35 | 000,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
PRC - [2004/10/13 16:17:06 | 002,742,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/10/13 16:00:10 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
PRC - [2004/10/13 14:01:50 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/26 00:29:44 | 000,217,088 | ---- | M] (CASIO COMPUTER CO.,LTD.) -- C:\Program Files\CASIO\Photo Loader\Plauto.exe


========== Modules (SafeList) ==========

MOD - [2011/06/22 20:21:38 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\OTL.exe
MOD - [2010/01/16 14:30:06 | 000,116,008 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprthook.dll
MOD - [2005/02/16 15:17:00 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Temp\IadHide5.dll
MOD - [2004/08/04 11:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe -- (NAV)
SRV - [2010/01/16 14:31:40 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/16 14:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe -- (tgsrvc_quickcare) SupportSoft Repair Service (quickcare)
SRV - [2010/01/16 14:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe -- (sprtsvc_quickcare) SupportSoft Sprocket Service (quickcare)
SRV - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)


========== Driver Services (SafeList) ==========

DRV - [2011/06/02 18:08:20 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110622.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/19 12:37:06 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/05/17 17:23:58 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110622.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/17 17:23:58 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110622.001\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/09 16:47:34 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/09 16:47:34 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/09 16:47:25 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 20:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 20:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 17:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 19:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 23:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/26 22:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2004/10/13 17:33:20 | 002,287,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/06/29 10:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/18 00:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/09/19 09:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2002/10/04 10:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/29 14:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/05/13 08:16:36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - File not found
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CinemaNowMediaManagerApp] File not found
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickCare] C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Qwest Personal Digital Vault] C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe ()
O4 - HKLM..\Run: [QwestTouchPointAgent] C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe (Qwest Communications)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Avvenu.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Free WebSite Tools.lnk = C:\Program Files\CoffeeCup Software\CoffeeCup Free Viewer Plus\ThirtyDayTimer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe (CASIO COMPUTER CO.,LTD.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe (InterMute, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - File not found
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/15 03:38:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 21:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{8d53170e-707a-11e0-ad9c-0011d8a63e10}\Shell - "" = AutoRun
O33 - MountPoints2\{8d53170e-707a-11e0-ad9c-0011d8a63e10}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8d53170e-707a-11e0-ad9c-0011d8a63e10}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{b67cfbfe-406b-11e0-ad71-0011d8a63e10}\Shell - "" = AutoRun
O33 - MountPoints2\{b67cfbfe-406b-11e0-ad71-0011d8a63e10}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b67cfbfe-406b-11e0-ad71-0011d8a63e10}\Shell\AutoRun\command - "" = K:\MI.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619700398653440)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/22 20:21:29 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\OTL.exe
[2011/06/17 12:03:35 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\HiJackThis.exe
[2011/06/16 16:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Malwarebytes
[2011/06/16 16:26:38 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/16 16:26:22 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/29 17:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\SelectRebates
[2005/07/04 21:36:10 | 002,428,688 | ---- | C] (Allok Soft,Inc. ) -- C:\Program Files\allok_rm2mp3.exe
[2005/07/04 15:59:28 | 000,461,946 | ---- | C] (e-merge GmbH) -- C:\Program Files\smart.exe
[2004/05/27 04:40:06 | 024,265,736 | ---- | C] (Microsoft) -- C:\Program Files\Microsoft .NET Framework 1.1.exe
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/22 20:36:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/22 20:21:38 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\OTL.exe
[2011/06/22 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/06/22 18:00:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\ssbswbmy.job
[2011/06/22 17:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/06/22 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/06/22 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/06/22 14:20:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/22 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/06/22 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/06/22 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/06/22 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/06/22 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/06/22 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/06/22 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/06/22 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/06/22 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/06/22 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/06/22 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/06/22 03:36:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/22 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/06/22 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/06/22 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/06/22 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/06/21 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/06/21 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/06/21 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/06/21 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/06/21 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/06/20 17:41:35 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/06/20 17:40:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/20 17:40:44 | 1064,685,568 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/17 12:03:38 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\HiJackThis.exe
[2011/06/16 18:45:57 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/16 16:26:43 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/24 21:20:43 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MapleStory.url
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/12 21:49:04 | 000,000,284 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2011/05/03 23:21:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/21 18:27:39 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/06 12:14:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2011/01/05 20:21:31 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\fusioncache.dat
[2010/06/11 18:08:43 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2010/06/11 18:08:30 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2009/12/15 12:09:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bmahepijovap.bin
[2009/12/15 12:09:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Khacefed.dat
[2009/05/05 09:56:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2009/04/29 11:24:03 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2009/01/21 15:35:46 | 000,292,284 | ---- | C] () -- C:\WINDOWS\rgmonsvc.exe
[2009/01/14 18:00:56 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/07 23:49:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/03/30 13:01:50 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/01/16 21:55:39 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Player.INI
[2007/05/31 14:52:12 | 001,102,518 | -HS- | C] () -- C:\WINDOWS\wwxbeg.ini
[2007/05/06 17:59:40 | 000,001,334 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/05 10:36:44 | 000,086,528 | ---- | C] () -- C:\WINDOWS\catchme.exe
[2007/04/27 11:40:53 | 001,579,063 | -HS- | C] () -- C:\WINDOWS\wvvycf.ini
[2007/04/04 06:51:45 | 000,004,317 | ---- | C] () -- C:\WINDOWS\cs_cache.ini
[2007/02/24 19:44:38 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2007/02/24 19:44:32 | 000,257,693 | ---- | C] () -- C:\WINDOWS\CoffeeCup Visual Site Designer Uninstaller.exe
[2007/02/24 19:42:55 | 000,000,966 | ---- | C] () -- C:\WINDOWS\CDRip.INI
[2006/12/18 17:53:31 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2006/10/27 18:56:59 | 000,000,526 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/12/15 20:54:31 | 000,000,141 | ---- | C] () -- C:\WINDOWS\Vogone2.INI
[2005/11/28 23:44:12 | 000,005,920 | ---- | C] () -- C:\WINDOWS\CDex.INI
[2005/11/10 19:32:23 | 000,000,179 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/10/12 22:05:37 | 000,000,776 | ---- | C] () -- C:\WINDOWS\ASPROFIL.INI
[2005/09/24 13:48:14 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2005/09/24 13:42:24 | 000,015,584 | ---- | C] () -- C:\WINDOWS\aodp202.ini
[2005/09/21 09:29:08 | 000,153,088 | ---- | C] () -- C:\WINDOWS\Unwise32.exe
[2005/07/22 14:57:00 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/07/11 18:56:27 | 000,012,890 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/07/04 21:14:40 | 006,182,428 | ---- | C] () -- C:\Program Files\ac3decoder.zip
[2005/07/04 13:00:27 | 001,522,839 | ---- | C] () -- C:\Program Files\dvdripfull92.exe
[2005/04/20 21:17:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/04/19 20:27:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/04/18 17:11:46 | 000,000,243 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/04/18 15:45:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2005/02/16 15:46:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/16 15:43:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/02/16 15:43:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/02/16 15:43:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/02/16 15:43:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/02/16 15:43:22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/02/16 15:43:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/02/16 15:17:00 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2005/02/16 15:16:03 | 000,013,974 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/02/16 15:15:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/02/16 15:15:37 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/02/16 15:12:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/16 15:02:01 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/02/16 14:59:58 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/02/16 14:54:43 | 000,028,779 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2005/02/16 14:54:43 | 000,024,681 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2005/02/16 14:50:55 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/16 14:49:25 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/15 03:52:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/15 03:43:00 | 000,382,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/15 03:43:00 | 000,053,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/15 03:41:10 | 000,154,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/10/15 03:37:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/15 03:36:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/13 16:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 03:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 03:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/04 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 04:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/15 21:38:02 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/06/03 18:05:06 | 001,102,399 | -HS- | C] () -- C:\WINDOWS\uvuuwa.ini
[2003/06/03 12:53:09 | 001,102,501 | -HS- | C] () -- C:\WINDOWS\eehkjl.ini
[2003/06/03 02:01:43 | 001,102,039 | -HS- | C] () -- C:\WINDOWS\jllklm.ini
[2003/06/02 17:53:11 | 001,101,965 | -HS- | C] () -- C:\WINDOWS\adefgh.ini
[2003/04/10 23:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 23:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 15:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 15:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/03/14 09:37:28 | 000,323,711 | ---- | C] () -- C:\WINDOWS\UNINCDRW.exe

========== LOP Check ==========

[2007/04/14 18:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2009/10/12 15:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
[2007/12/13 19:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/08/06 22:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/01/13 12:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2011/05/11 23:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/06/12 00:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/12/22 16:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/02/11 15:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2011/05/12 21:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2006/07/19 21:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2011/02/03 23:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest
[2011/02/03 23:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/12/24 16:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/05/29 15:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 00:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/18 22:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/07/16 12:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/02/16 15:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\InterMute
[2011/02/21 18:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\InterVideo
[2011/02/22 21:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Leadertech
[2011/01/11 18:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\NetMedia Providers
[2011/01/11 18:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Publish Providers
[2005/02/16 15:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\SampleView
[2011/01/11 18:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Sony
[2011/04/21 10:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Steinberg
[2011/06/22 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/06/22 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/06/22 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/06/22 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/06/22 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/06/22 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/06/22 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/06/22 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/06/22 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/06/22 17:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/06/22 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/06/22 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/06/21 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/06/21 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/06/21 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/06/21 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/06/21 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/06/22 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/06/22 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/06/22 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/06/22 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/06/22 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/06/22 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/06/22 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2011/06/22 18:00:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\ssbswbmy.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/17 19:18:15 | 000,003,894 | ---- | M] () -- C:\acttmp.dat
[2010/05/07 17:33:04 | 000,000,840 | ---- | M] () -- C:\ASLog.txt
[2005/04/19 14:05:29 | 000,000,040 | ---- | M] () -- C:\Auth.prof
[2004/10/15 03:38:18 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/01/05 20:18:53 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2011/01/05 20:56:55 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2002/11/26 19:03:32 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\cewmdm.dll
[2004/08/04 04:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2003/06/03 17:47:50 | 000,012,828 | ---- | M] () -- C:\ComboFix-quarantined-files.txt
[2003/06/03 17:47:50 | 000,031,941 | ---- | M] () -- C:\ComboFix.txt
[2003/06/03 16:24:42 | 000,034,039 | ---- | M] () -- C:\ComboFix2.txt
[2003/06/01 16:12:49 | 000,038,983 | ---- | M] () -- C:\ComboFix3.txt
[2004/10/15 03:38:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2003/08/15 09:50:10 | 000,001,889 | ---- | M] () -- C:\control.xml
[2003/08/13 14:06:30 | 000,011,926 | ---- | M] () -- C:\eula.txt
[2011/06/20 17:40:44 | 1064,685,568 | -HS- | M] () -- C:\hiberfil.sys
[2005/02/16 14:49:25 | 000,000,002 | -H-- | M] () -- C:\hpbi.log
[2010/06/15 15:58:57 | 000,166,444 | ---- | M] () -- C:\hph7350.log
[2011/02/21 00:52:44 | 000,000,067 | ---- | M] () -- C:\inferno.log
[2003/06/03 13:25:56 | 000,000,164 | ---- | M] () -- C:\install.dat
[2004/10/15 03:38:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/17 16:58:30 | 000,000,635 | -H-- | M] () -- C:\IPH.PH
[2004/10/15 03:38:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2003/07/01 17:43:38 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\msoobci.dll
[2002/11/26 19:03:32 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\mspmsnsv.dll
[2002/11/26 19:03:32 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\mspmsp.dll
[2002/12/11 19:09:22 | 000,358,912 | ---- | M] (Microsoft Corporation) -- C:\MSSCP.dll
[2002/01/05 03:38:38 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\msvci70.dll
[2002/11/26 20:03:32 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\MSWMDM.dll
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 04:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/06/20 17:40:34 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2005/12/05 13:44:20 | 000,003,787 | ---- | M] () -- C:\plgdbgrpt.log
[2005/07/04 14:20:10 | 013,475,328 | ---- | M] () -- C:\PYT_Video.avi
[2005/11/02 03:55:49 | 000,000,736 | ---- | M] () -- C:\scope
[2003/07/24 01:55:50 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\setup_wm.exe
[2003/06/03 01:33:17 | 004,323,205 | ---- | M] () -- C:\sites.ini
[2008/07/22 22:18:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/08/10 21:48:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/05/01 18:37:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/05/01 18:48:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/07/22 22:18:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/08/10 21:48:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/05/01 18:37:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/05/01 18:48:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/09/10 16:24:34 | 000,000,014 | ---- | M] () -- C:\statistics.xml
[2007/08/02 20:44:17 | 000,005,120 | -HS- | M] () -- C:\Thumbs.db
[2005/07/04 14:35:12 | 021,392,420 | ---- | M] () -- C:\Video.mpg
[2005/07/04 16:16:48 | 011,804,688 | ---- | M] () -- C:\Video2.iso
[2010/02/24 21:30:37 | 000,001,187 | ---- | M] () -- C:\VundoFix.txt
[2003/08/25 15:58:56 | 000,010,317 | ---- | M] () -- C:\WMDMDist.CAT
[2003/08/21 16:17:38 | 000,001,626 | ---- | M] () -- C:\WMDMDist.inf
[2003/08/22 12:30:18 | 000,001,560 | ---- | M] () -- C:\WMDMDist9x.inf
[2002/11/26 20:03:32 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WMDMLOG.dll
[2002/11/26 20:03:32 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WMDMPS.dll
[2009/10/04 03:22:23 | 000,000,057 | ---- | M] () -- C:\xcrashdump.dat

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/10/14 20:29:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/10/14 20:29:40 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/10/14 20:29:40 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >


OTL Extras logfile created on: 6/22/2011 8:29:36 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.29 Mb Total Physical Memory | 395.60 Mb Available Physical Memory | 38.96% Memory free
2.38 Gb Paging File | 1.47 Gb Available in Paging File | 61.77% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.07 Gb Total Space | 4.46 Gb Free Space | 3.14% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 2.56 Gb Free Space | 36.76% Space Free | Partition Type: FAT32

Computer Name: YOUR-4F1261A8E5 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with SpySubtract...] -- "C:\Program Files\InterMute\SpySubtract\SpySub.exe" "-sc" "%1" (InterMute, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57693:TCP" = 57693:TCP:*:Enabled:Pando Media Booster
"57693:UDP" = 57693:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57693:TCP" = 57693:TCP:*:Enabled:Pando Media Booster
"57693:UDP" = 57693:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Temp\7zS33.tmp\SymNRT.exe" = C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Temp\7zS33.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" = C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6B350CA4-0031-0002-3757-34999AD85AEC}" = InterVideo WinDVD Creator
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{746FB02B-1D03-43B7-917A-E1341AB69A00}" = Qwest Personal Digital Vault™
"{784DF107-2945-4B65-ADE3-A58ECD6C37A9}" = Sony Vegas 5.0a
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"05E21449-3BA3-42BF-BBDA-95205F4EA40A" = Polar Bowler from Compaq (remove only)
"26DC0ED6-93A7-43C1-8DC5-EC16079580F9" = Orbital from Compaq (remove only)
"3330A279-CC39-4A17-AE19-DA464B26AD9A" = Polar Golfer from Compaq (remove only)
"66195170-D19D-46C5-8FB7-8A4630071ADC" = Tradewinds from Compaq (remove only)
"A2E85A38-C2D9-4EDF-AFDA-F76BCBFEBBC4" = Road Ready Streetwise from Compaq (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"BackWeb-6750491 Uninstaller" = Compaq Connections
"BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9" = Shrek 2 Ogre Bowler from Compaq (remove only)
"DE87FA96-7840-420C-86F9-33F3B7B3CED1" = Super Granny from Compaq (remove only)
"FA7F5211-C629-4711-BD82-7DFFB08CB518" = Overball from Compaq (remove only)
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MapleStory" = MapleStory
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"NAV" = Norton AntiVirus
"PS2" = PS2
"QwestQuickCare_is1" = Qwest Quickcare 2.7
"RealPlayer 6.0" = RealPlayer
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"SpySubtract" = SpySubtract
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/24/2011 11:13:44 PM | Computer Name = YOUR-4F1261A8E5 | Source = Bonjour Service | ID = 100
Description =

Error - 5/24/2011 11:13:44 PM | Computer Name = YOUR-4F1261A8E5 | Source = Bonjour Service | ID = 100
Description =

Error - 5/24/2011 11:13:48 PM | Computer Name = YOUR-4F1261A8E5 | Source = Bonjour Service | ID = 100
Description =

Error - 5/24/2011 11:13:48 PM | Computer Name = YOUR-4F1261A8E5 | Source = Bonjour Service | ID = 100
Description =

Error - 5/24/2011 11:13:48 PM | Computer Name = YOUR-4F1261A8E5 | Source = Bonjour Service | ID = 100
Description =

Error - 5/25/2011 12:33:19 AM | Computer Name = YOUR-4F1261A8E5 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/28/2011 5:54:45 PM | Computer Name = YOUR-4F1261A8E5 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/28/2011 5:55:55 PM | Computer Name = YOUR-4F1261A8E5 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/30/2011 4:00:56 PM | Computer Name = YOUR-4F1261A8E5 | Source = Application Hang | ID = 1002
Description = Hanging application vegas50.exe, version 5.0.0.134, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/17/2011 3:35:51 AM | Computer Name = YOUR-4F1261A8E5 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.0.1074, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/22/2011 12:00:00 PM | Computer Name = YOUR-4F1261A8E5 | Source = Schedule | ID = 7901
Description = The At10.job command failed to start due to the following error: %%2147942405

Error - 6/22/2011 1:00:00 PM | Computer Name = YOUR-4F1261A8E5 | Source = Schedule | ID = 7901
Description = The At11.job command failed to start due to the following error: %%2147942405

Error - 6/22/2011 2:00:00 PM | Computer Name = YOUR-4F1261A8E5 | Source = Schedule | ID = 7901
Description = The At12.job command failed to start due to the following error: %%2147942405

Error - 6/22/2011 3:00:00 PM | Computer Name = YOUR-4F1261A8E5 | Source = Schedule | ID = 7901
Description = The At13.job command failed to start due to the following error: %%2147942405

Error - 6/22/2011 4:00:00 PM | Computer Name = YOUR-4F1261A8E5 | Source = Schedule | ID = 7901
Description = The At14.job command failed to start due to the following error: %%2147942405

Error - 6/22/2011 5:00:00 PM | Computer Name = YOUR-4F1261A8E5 | Source = Schedule | ID = 7901
Description = The At15.job command failed to start due to the following error: %%2147942405

Error - 6/22/2011 6:00:00 PM | Computer Name = YOUR-4F1261A8E5 | Source = Schedule | ID = 7901
Description = The At16.job command failed to start due to the following error: %%2147942405

Error - 6/22/2011 7:00:00 PM | Computer Name = YOUR-4F1261A8E5 | Source = Schedule | ID = 7901
Description = The At17.job command failed to start due to the following error: %%2147942405

Error - 6/22/2011 8:00:01 PM | Computer Name = YOUR-4F1261A8E5 | Source = Schedule | ID = 7901
Description = The At18.job command failed to start due to the following error: %%2147942405

Error - 6/22/2011 9:00:00 PM | Computer Name = YOUR-4F1261A8E5 | Source = Schedule | ID = 7901
Description = The At19.job command failed to start due to the following error: %%2147942405


< End of report >
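The two things in the log above that a malware-removal helper reacts to are the scheduled-task listing (At1.job through At24.job, one per hour, all 350 bytes, plus the oddly named ssbswbmy.job) and the run of Schedule event 7901 errors that report the failure as "%%2147942405". The script below is an added example, not OTL's, the forum's or the helper's code: it parses those OTL line shapes, flags an At-job series and consonant-only .job names, flags firewall exceptions granted to a program under a Temp folder, and decodes the 7901 error value as an HRESULT. The heuristics are this example's own assumptions, and the sample lines are constructed to mirror the log (one benign .job is added so the filter has something to pass).

```python
"""Triage of three OTL log sections: the scheduled-task listing, the
firewall "Authorized Applications" list and Schedule event 7901 errors.
Added example, not OTL's or the helper's code; the heuristics below are
this example's own assumptions and the sample lines are constructed."""
import re
from typing import Dict, Iterable, List

# OTL file-listing line: [date time | size | attrs | M/C] (company) -- path
OTL_FILE = re.compile(
    r"^\[(?P<stamp>\S+ \S+) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| "
    r"(?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
AT_JOB = re.compile(r"^At(\d+)\.job$", re.IGNORECASE)
# Firewall exception line: "<path>" = <path>:*:Enabled:<name> -- (company)
FW_APP = re.compile(r'^"(?P<path>[^"]+)" = ')
# Schedule event 7901 description
EVT_7901 = re.compile(
    r"The (?P<job>\S+) command failed to start due to the following error: (?P<tok>%%\d+)"
)

SAMPLE_TASKS = [  # constructed, same shape as the LOP Check lines
    r"[2011/06/22 00:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job",
    r"[2011/06/22 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job",
    r"[2011/06/21 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job",
    r"[2011/06/22 18:00:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\ssbswbmy.job",
    r"[2011/06/20 08:00:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job",
]
SAMPLE_FIREWALL = [  # constructed, same shape as the Authorized Applications lines
    r'"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)',
    r'"C:\Documents and Settings\Owner\Local Settings\Temp\7zS33.tmp\SymNRT.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS33.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool',
]
SAMPLE_EVENTS = [  # constructed, same shape as the System Events lines
    "Error - 6/22/2011 12:00:00 PM | Computer Name = PC | Source = Schedule | ID = 7901",
    "Description = The At10.job command failed to start due to the following error: %%2147942405",
]


def parse_otl_files(lines: Iterable[str]) -> List[Dict[str, str]]:
    """One dict per OTL file-listing line; lines of any other shape are skipped."""
    return [m.groupdict() for m in map(OTL_FILE.match, lines) if m]


def looks_random(filename: str) -> bool:
    """Heuristic: a lowercase, letters-only stem with no vowels ('ssbswbmy')."""
    stem = filename.rsplit(".", 1)[0]
    return stem.isalpha() and stem.islower() and not set("aeiou") & set(stem)


def triage_tasks(lines: Iterable[str]) -> List[str]:
    """Flag an At1..AtN series (the log shows one job per hour of the day)
    and .job files whose names look generated."""
    findings, at_numbers, at_sizes = [], [], set()
    for entry in parse_otl_files(lines):
        name = entry["path"].rsplit("\\", 1)[-1]
        m = AT_JOB.match(name)
        if m:
            at_numbers.append(int(m.group(1)))
            at_sizes.add(entry["size"])
        elif name.lower().endswith(".job") and looks_random(name):
            findings.append(f"random-looking job name: {name}")
    if len(at_numbers) >= 3:
        findings.append(f"At-job series {sorted(at_numbers)} (identical size: {len(at_sizes) == 1})")
    return findings


def temp_dir_exceptions(lines: Iterable[str]) -> List[str]:
    """Firewall exceptions for a program under a Temp folder: the XP firewall
    keys the exception by path, so it outlives the binary that earned it."""
    out = []
    for line in lines:
        m = FW_APP.match(line)
        if m and "\\temp\\" in m.group("path").lower():
            out.append(m.group("path"))
    return out


FACILITY_WIN32 = 7
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}


def decode_schedule_error(token: str) -> Dict[str, object]:
    """Event 7901 prints the failure as '%%<decimal>'; the number is an HRESULT.
    Facility 7 means a plain Win32 error code sits in the low 16 bits."""
    hresult = int(token.lstrip("%")) & 0xFFFFFFFF
    facility = (hresult >> 16) & 0x1FFF
    code = hresult & 0xFFFF
    name = WIN32_ERRORS.get(code, "unmapped") if facility == FACILITY_WIN32 else "non-Win32 facility"
    return {"hresult": f"0x{hresult:08X}", "facility": facility, "code": code, "name": name}


def schedule_errors(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Pair each 7901 description with its decoded error."""
    out = []
    for line in lines:
        m = EVT_7901.search(line)
        if m:
            out.append({"job": m.group("job"), **decode_schedule_error(m.group("tok"))})
    return out


if __name__ == "__main__":
    for f in triage_tasks(SAMPLE_TASKS) + temp_dir_exceptions(SAMPLE_FIREWALL):
        print("finding:", f)
    for e in schedule_errors(SAMPLE_EVENTS):
        print("event 7901:", e)
```

Run against the sample lines it reports the At series, the ssbswbmy.job name, the SymNRT.exe exception under Temp, and decodes 2147942405 as 0x80070005 (facility 7, code 5, ERROR_ACCESS_DENIED): the hourly jobs exist but the Task Scheduler could not start them. On a live box the same functions can be fed the OTL log text line by line; they read, and never modify, anything.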

#4 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{8d53170e-707a-11e0-ad9c-0011d8a63e10}\Shell - "" = AutoRun
    O33 - MountPoints2\{8d53170e-707a-11e0-ad9c-0011d8a63e10}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8d53170e-707a-11e0-ad9c-0011d8a63e10}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
    O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
    O33 - MountPoints2\{b67cfbfe-406b-11e0-ad71-0011d8a63e10}\Shell - "" = AutoRun
    O33 - MountPoints2\{b67cfbfe-406b-11e0-ad71-0011d8a63e10}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b67cfbfe-406b-11e0-ad71-0011d8a63e10}\Shell\AutoRun\command - "" = K:\MI.exe
    
    :Files
    C:\WINDOWS\tasks\At*.job
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them: Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Things I would like to see in your reply:
  • OTL log
  • Combofix.txt

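As an added illustration of what the O33 MountPoints2 lines in the OTL fix script above represent (this is example code, not part of the thread and not OTL's or ComboFix's own code): a small Python parser that reads OTL-style O33 and O7 lines, reports each per-volume AutoRun handler and the program it would launch, flags handlers that execute a file from the volume itself, and decodes the NoDriveTypeAutoRun policy value. The sample lines are constructed from entries quoted in this thread; the function names and the flagging rule are my own assumptions.

```python
"""Added example: triage OTL O33 (MountPoints2) and O7 (NoDriveTypeAutoRun)
lines. Not OTL's or ComboFix's code; the flagging rule is an assumption."""
import re

# Bits of the Explorer policy NoDriveTypeAutoRun; a SET bit disables AutoRun
# for that drive type, so a clear bit means AutoRun is still active there.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
}

# Constructed sample, modelled on the O33/O7 entries quoted in this thread.
SAMPLE_LOG = r"""
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O33 - MountPoints2\{8d53170e-707a-11e0-ad9c-0011d8a63e10}\Shell - "" = AutoRun
O33 - MountPoints2\{8d53170e-707a-11e0-ad9c-0011d8a63e10}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8d53170e-707a-11e0-ad9c-0011d8a63e10}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{b67cfbfe-406b-11e0-ad71-0011d8a63e10}\Shell\AutoRun\command - "" = K:\MI.exe
"""

O33_COMMAND = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9A-Fa-f-]+\})\\Shell\\AutoRun\\command - "" = (.+)$')
O7_POLICY = re.compile(r'^O7 - .*NoDriveTypeAutoRun = (\d+)\s*$')
DRIVE_PATH = re.compile(r'\b([A-Za-z]):\\\S+')


def launched_target(command):
    """Return the last drive-letter path in the command line: the program the
    handler ultimately starts (for a rundll32 ShellExec_RunDLL indirection the
    real target is the argument after the DLL entry point, not rundll32)."""
    paths = [m.group(0) for m in DRIVE_PATH.finditer(command)]
    return paths[-1] if paths else command


def analyze_otl(log_text, system_drive="C"):
    """Collect per-volume AutoRun handlers and the AutoRun policy from OTL lines."""
    handlers = []
    policy = None
    for line in log_text.splitlines():
        m = O33_COMMAND.match(line)
        if m:
            guid, command = m.groups()
            target = launched_target(command)
            drive = target[0].upper()
            handlers.append({
                "guid": guid,
                "command": command,
                "target": target,
                "drive": drive,
                "via_rundll32": "rundll32" in command.lower(),
                # Assumed rule: a handler that executes a program stored on the
                # volume itself (not the system drive) is the classic
                # autorun-worm pattern and deserves a look.
                "flagged": drive != system_drive.upper(),
            })
            continue
        m = O7_POLICY.match(line)
        if m:
            policy = int(m.group(1))

    disabled, enabled = [], []
    if policy is not None:
        for bit, name in DRIVE_TYPE_BITS.items():
            (disabled if policy & bit else enabled).append(name)
    return {
        "autorun_handlers": handlers,
        "nodrivetypeautorun": policy,
        "autorun_disabled_drive_types": disabled,
        "autorun_enabled_drive_types": enabled,
        # 0xFF (255) disables AutoRun on every drive type.
        "hardened": policy is not None and (policy & 0xFF) == 0xFF,
    }


if __name__ == "__main__":
    report = analyze_otl(SAMPLE_LOG)
    for h in report["autorun_handlers"]:
        mark = "FLAG" if h["flagged"] else "ok  "
        extra = " (via rundll32 ShellExec_RunDLL)" if h["via_rundll32"] else ""
        print(f'{mark} {h["guid"]} -> {h["target"]}{extra}')
    print("NoDriveTypeAutoRun =", report["nodrivetypeautorun"],
          "| AutoRun still enabled for:",
          ", ".join(report["autorun_enabled_drive_types"]))
```

On the sample, all three handlers are flagged because each one launches a program from the mounted volume (E:, D: and K:), and the first hides the target behind rundll32 ShellExec_RunDLL. The decoded policy value 145 (0x91) is the Windows XP default: AutoRun is disabled only for unknown and network drives, so removable media still auto-launch, which is why these per-volume handlers matter; 255 (0xFF) turns AutoRun off for every drive type.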

#5
RMW

RMW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Here they are again.

ComboFix 11-06-23.01 - Compaq_Owner 06/23/2011 11:46:03.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.329 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\ComboFix.exe
AV: Norton AntiVirus Online *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\COMPAQ~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Compaq_Owner.HOME_OFFICE\WINDOWS
c:\documents and settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Temp\IadHide5.dll
c:\documents and settings\Compaq_Owner.YOUR-4F1261A8E5\WINDOWS
c:\documents and settings\Compaq_Owner\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\program files\SelectRebates
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\install.rdf
c:\program files\SelectRebates\SahImages\alert.png
c:\program files\SelectRebates\SahImages\check.png
c:\program files\SelectRebates\SahImages\close.png
c:\program files\SelectRebates\SelectAlerts.dat
c:\program files\SelectRebates\SelectRebates.exe
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesA.dat
c:\program files\SelectRebates\SelectRebatesApi.exe
c:\program files\SelectRebates\SelectRebatesB.dat
c:\program files\SelectRebates\SelectRebatesBT.dat
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesH.dat
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\program files\SelectRebates\SRebates.dll
c:\program files\SelectRebates\SRFF3.dll
c:\program files\SelectRebates\Toolbar\AddtoList.bmp
c:\program files\SelectRebates\Toolbar\basis.xml
c:\program files\SelectRebates\Toolbar\Basis.xml.dym
c:\program files\SelectRebates\Toolbar\Blank.bmp
c:\program files\SelectRebates\Toolbar\CashBack.bmp
c:\program files\SelectRebates\Toolbar\Coupons.bmp
c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files\SelectRebates\Toolbar\icons.bmp
c:\program files\SelectRebates\Toolbar\ImageCache\alert-red.bmp
c:\program files\SelectRebates\Toolbar\logo.bmp
c:\program files\SelectRebates\Toolbar\logo_24.bmp
c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files\SelectRebates\Toolbar\RightControls.dym
c:\program files\SelectRebates\Toolbar\sahtb-alert.bmp
c:\program files\SelectRebates\Toolbar\sahtb-go.bmp
c:\program files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-icons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-restaurant.bmp
c:\program files\SelectRebates\Toolbar\sahtb-wishlist.bmp
c:\program files\SelectRebates\Toolbar\Scissors.bmp
c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
c:\temp\0b9
c:\temp\0b9\tmpTF.log
C:\Thumbs.db
c:\windows\adefgh.ini
c:\windows\cs_cache.ini
c:\windows\desktop
c:\windows\desktop\Worship Studio.lnk
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf
c:\windows\eehkjl.ini
c:\windows\jllklm.ini
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\Unwise32.exe
c:\windows\uvuuwa.ini
c:\windows\wvvycf.ini
c:\windows\wwxbeg.ini
c:\windows\XSxS
C:\xcrashdump.dat
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-23 18:35 . 2011-06-23 18:40 -------- d-----w- C:\32788R22FWJFW
2011-06-23 16:28 . 2011-06-23 16:28 -------- d-----w- C:\_OTL
2011-06-17 02:22 . 2011-06-17 02:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 23:27 . 2011-06-16 23:27 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Malwarebytes
2011-06-16 23:26 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-16 23:26 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 23:47 . 2011-02-06 19:36 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-09 23:47 . 2011-02-06 19:36 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-03-31 03:00 . 2011-05-09 23:47 516216 ----a-w- c:\windows\system32\drivers\NAV\1206000.01D\srtsp.sys
2011-03-31 03:00 . 2011-05-09 23:47 50168 ----a-w- c:\windows\system32\drivers\NAV\1206000.01D\srtspx.sys
2005-07-05 04:36 . 2005-07-05 04:36 2428688 -c--a-w- c:\program files\allok_rm2mp3.exe
2005-07-04 22:59 . 2005-07-04 22:59 461946 -c--a-w- c:\program files\smart.exe
2005-07-04 20:00 . 2005-07-04 20:00 1522839 -c--a-w- c:\program files\dvdripfull92.exe
2004-05-27 11:40 . 2004-05-27 11:40 24265736 -c--a-w- c:\program files\Microsoft .NET Framework 1.1.exe
.
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-02-16 22:09 . 2004-10-14 21:54 253952 c:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe
2005-02-16 22:09 . 2004-10-14 21:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
2005-02-16 22:04 . 2003-02-11 19:02 61440 c:\hp\KBD\bak\KBD.EXE
2005-02-16 22:04 . 2003-02-11 19:02 61440 c:\hp\KBD\kbd.exe
.
2005-02-16 22:07 . 2005-02-16 22:07 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2005-02-16 22:07 . 2005-02-16 22:07 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe
.
2004-08-27 23:22 . 2007-01-10 01:32 58984 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe
.
2004-08-05 17:23 . 2005-07-29 18:35 218240 c:\program files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe
.
2005-02-16 22:20 . 2005-02-16 22:19 159744 c:\program files\Help and Support Additions\HPQ\XPXWWPP5\plugin\bin\bak\PCHButton.exe
2005-02-16 22:20 . 2005-02-16 22:19 159744 c:\program files\Help and Support Additions\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
.
2002-04-11 12:19 . 2002-04-11 12:19 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe
2002-04-11 11:19 . 2002-04-11 11:19 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
2002-04-04 20:04 . 2002-04-04 20:04 49152 c:\program files\HP Photosmart 11\hphinstall\UniPatch\bak\hphupd04.exe
2002-04-04 20:04 . 2002-04-04 20:04 49152 c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
.
2004-10-14 07:04 . 2004-10-14 07:04 278528 c:\program files\iTunes\bak\iTunesHelper.exe
2011-01-25 23:08 . 2011-01-25 23:08 421160 c:\program files\iTunes\iTunesHelper.exe
.
2005-02-16 21:54 . 2005-02-16 21:54 32881 c:\program files\Java\j2re1.4.2_03\bin\bak\jusched.exe
2005-02-16 21:54 . 2005-02-16 21:54 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
.
2007-04-10 18:53 . 2007-03-14 10:43 83608 c:\program files\Java\jre1.6.0_01\bin\bak\jusched.exe
.
2006-01-25 20:22 . 2005-05-11 00:04 11776 c:\program files\Musicmatch\Musicmatch Jukebox\bak\mimboot.exe
.
2006-01-25 20:22 . 2005-05-11 00:04 110592 c:\program files\Musicmatch\Musicmatch Jukebox\bak\mm_tray.exe
.
2007-03-07 05:06 . 2007-03-07 05:06 5181440 c:\program files\MySpace\IM\bak\MySpaceIM.exe
.
2005-02-16 22:14 . 2005-02-16 22:14 98304 c:\program files\QuickTime\bak\qttask.exe
2010-11-30 01:38 . 2010-11-30 01:38 421888 c:\program files\QuickTime\QTTask.exe
.
2005-02-16 22:14 . 2004-12-14 09:23 663552 c:\windows\CREATOR\bak\Remind_XP.exe
2005-02-16 22:14 . 2004-12-14 09:23 663552 c:\windows\CREATOR\Remind_XP.exe
.
2004-04-14 20:43 . 2004-04-14 20:43 233472 c:\windows\SMINST\bak\RECGUARD.EXE
2004-04-14 20:43 . 2004-04-14 20:43 233472 c:\windows\SMINST\Recguard.exe
.
2005-02-16 21:57 . 1998-05-07 16:04 52736 c:\windows\system\bak\hpsysdrv.exe
2005-02-16 21:57 . 1998-05-07 16:04 52736 c:\windows\system\hpsysdrv.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2005-02-16 32881]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-02-16 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"SoundMan"="SOUNDMAN.EXE" [2004-10-13 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-13 2742272]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"QwestTouchPointAgent"="c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe" [2011-01-25 45992]
"QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2010-01-16 206120]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Qwest Personal Digital Vault"="c:\program files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe" [2009-12-18 1064808]
"CinemaNowMediaManagerApp"="c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" [N/A]
"SelectRebates"="c:\program files\SelectRebates\SelectRebates.exe" [N/A]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2001-4-2 110592]
Avvenu.lnk - c:\program files\Avvenu\Avvenu_agent.exe [N/A]
Compaq Connections.lnk - c:\program files\Compaq Connections\6750491\Program\Compaq Connections.exe [2005-2-16 45056]
Free WebSite Tools.lnk - c:\program files\CoffeeCup Software\CoffeeCup Free Viewer Plus\ThirtyDayTimer.exe [2007-10-18 372224]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Photo Loader supervisory.lnk - c:\program files\CASIO\Photo Loader\Plauto.exe [2005-5-9 217088]
SpySubtract.lnk - c:\program files\InterMute\SpySubtract\sslaunch.exe [2005-2-16 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57693:TCP"= 57693:TCP:Pando Media Booster
"57693:UDP"= 57693:UDP:Pando Media Booster
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\symds.sys [5/9/2011 4:47 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\symefa.sys [5/9/2011 4:47 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx86.sys [6/16/2011 3:45 PM 810616]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\ironx86.sys [5/9/2011 4:47 PM 136312]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/5/2009 10:37 AM 366640]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [5/9/2011 4:47 PM 130008]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 1:02 PM 1213728]
R2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\Qwest\Quickcare\bin\sprtsvc.exe [2/3/2011 11:45 PM 206120]
R2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\Qwest\Quickcare\bin\tgsrvc.exe [2/3/2011 11:45 PM 185640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/12/2011 11:42 PM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110623.001\IDSXpx86.sys [6/23/2011 12:45 AM 355256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/16/2011 4:26 PM 22712]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-06-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-03 17:26]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 17:34]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 17:34]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cinemanow.com
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)
AddRemove-05E21449-3BA3-42BF-BBDA-95205F4EA40A - c:\program files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\Uninstall.exe
AddRemove-26DC0ED6-93A7-43C1-8DC5-EC16079580F9 - c:\program files\WildTangent\Apps\GameChannel\Games\26DC0ED6-93A7-43C1-8DC5-EC16079580F9\Uninstall.exe
AddRemove-3330A279-CC39-4A17-AE19-DA464B26AD9A - c:\program files\WildTangent\Apps\GameChannel\Games\3330A279-CC39-4A17-AE19-DA464B26AD9A\Uninstall.exe
AddRemove-66195170-D19D-46C5-8FB7-8A4630071ADC - c:\program files\WildTangent\Apps\GameChannel\Games\66195170-D19D-46C5-8FB7-8A4630071ADC\Uninstall.exe
AddRemove-A2E85A38-C2D9-4EDF-AFDA-F76BCBFEBBC4 - c:\program files\WildTangent\Apps\GameChannel\Games\A2E85A38-C2D9-4EDF-AFDA-F76BCBFEBBC4\Uninstall.exe
AddRemove-BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9 - c:\program files\WildTangent\Apps\GameChannel\Games\BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9\Uninstall.exe
AddRemove-DE87FA96-7840-420C-86F9-33F3B7B3CED1 - c:\program files\WildTangent\Apps\GameChannel\Games\DE87FA96-7840-420C-86F9-33F3B7B3CED1\Uninstall.exe
AddRemove-FA7F5211-C629-4711-BD82-7DFFB08CB518 - c:\program files\WildTangent\Apps\GameChannel\Games\FA7F5211-C629-4711-BD82-7DFFB08CB518\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 12:06
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3540)
c:\docume~1\COMPAQ~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\snmp.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Java\j2re1.4.2_03\bin\jucheck.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\InterMute\SpySubtract\SpySub.exe
.
**************************************************************************
.
Completion time: 2011-06-23 12:18:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-23 19:18
ComboFix2.txt 2003-06-04 00:47
.
Pre-Run: 5,876,101,120 bytes free
Post-Run: 14,109,048,832 bytes free
.
- - End Of File - - 0FB3675F71F6C7033F695B25A15EDB8E


OTL logfile created on: 6/23/2011 11:07:51 AM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.29 Mb Total Physical Memory | 215.30 Mb Available Physical Memory | 21.21% Memory free
2.38 Gb Paging File | 1.61 Gb Available in Paging File | 67.61% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.07 Gb Total Space | 5.55 Gb Free Space | 3.90% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 2.56 Gb Free Space | 36.76% Space Free | Partition Type: FAT32

Computer Name: YOUR-4F1261A8E5 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/22 20:21:38 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/01/25 14:30:38 | 000,045,992 | ---- | M] (Qwest Communications) -- C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe
PRC - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
PRC - [2010/01/16 14:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
PRC - [2010/01/16 14:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
PRC - [2010/01/16 14:30:02 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/18 14:58:34 | 001,064,808 | ---- | M] () -- C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe
PRC - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2005/02/16 15:17:00 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
PRC - [2005/02/16 15:15:36 | 001,187,840 | ---- | M] (InterMute, Inc.) -- C:\Program Files\InterMute\SpySubtract\SpySub.exe
PRC - [2005/02/16 14:54:35 | 000,241,777 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
PRC - [2005/02/16 14:54:35 | 000,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
PRC - [2004/10/13 16:17:06 | 002,742,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/10/13 16:00:10 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
PRC - [2004/10/13 14:01:50 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/26 00:29:44 | 000,217,088 | ---- | M] (CASIO COMPUTER CO.,LTD.) -- C:\Program Files\CASIO\Photo Loader\Plauto.exe


========== Modules (SafeList) ==========

MOD - [2011/06/22 20:21:38 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\OTL.exe
MOD - [2010/01/16 14:30:06 | 000,116,008 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprthook.dll
MOD - [2005/02/16 15:17:00 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Temp\IadHide5.dll
MOD - [2004/08/04 11:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe -- (NAV)
SRV - [2010/01/16 14:31:40 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/16 14:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe -- (tgsrvc_quickcare) SupportSoft Repair Service (quickcare)
SRV - [2010/01/16 14:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe -- (sprtsvc_quickcare) SupportSoft Sprocket Service (quickcare)
SRV - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)


========== Driver Services (SafeList) ==========

DRV - [2011/06/02 18:08:20 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110623.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/19 12:37:06 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/05/17 17:23:58 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110623.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/17 17:23:58 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110623.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/09 16:47:34 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/09 16:47:34 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/09 16:47:25 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 20:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 20:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 17:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 19:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 23:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/26 22:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2004/10/13 17:33:20 | 002,287,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/06/29 10:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/18 00:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/09/19 09:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2002/10/04 10:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/29 14:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/06/23 10:45:59 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/06/23 10:50:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - File not found
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CinemaNowMediaManagerApp] File not found
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickCare] C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Qwest Personal Digital Vault] C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe ()
O4 - HKLM..\Run: [QwestTouchPointAgent] C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe (Qwest Communications)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Avvenu.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Free WebSite Tools.lnk = C:\Program Files\CoffeeCup Software\CoffeeCup Free Viewer Plus\ThirtyDayTimer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe (CASIO COMPUTER CO.,LTD.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe (InterMute, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - File not found
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/15 03:38:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 21:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/23 09:28:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/22 20:21:29 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\OTL.exe
[2011/06/17 12:03:35 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\HiJackThis.exe
[2011/06/16 16:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Malwarebytes
[2011/06/16 16:26:38 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/16 16:26:22 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/29 17:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\SelectRebates
[2005/07/04 21:36:10 | 002,428,688 | ---- | C] (Allok Soft,Inc. ) -- C:\Program Files\allok_rm2mp3.exe
[2005/07/04 15:59:28 | 000,461,946 | ---- | C] (e-merge GmbH) -- C:\Program Files\smart.exe
[2004/05/27 04:40:06 | 024,265,736 | ---- | C] (Microsoft) -- C:\Program Files\Microsoft .NET Framework 1.1.exe
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/23 11:00:41 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/06/23 11:00:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\ssbswbmy.job
[2011/06/23 10:58:25 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/23 10:58:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/23 10:58:09 | 1064,685,568 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/23 10:50:15 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/23 09:36:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/22 20:21:38 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\OTL.exe
[2011/06/22 14:20:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/17 12:03:38 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\HiJackThis.exe
[2011/06/16 18:45:57 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/16 16:26:43 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/24 21:20:43 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MapleStory.url

========== Files Created - No Company Name ==========

[2011/05/12 21:49:04 | 000,000,284 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2011/05/03 23:21:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/21 18:27:39 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/06 12:14:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2011/01/05 20:21:31 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\fusioncache.dat
[2010/06/11 18:08:43 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2010/06/11 18:08:30 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2009/12/15 12:09:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bmahepijovap.bin
[2009/12/15 12:09:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Khacefed.dat
[2009/05/05 09:56:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2009/04/29 11:24:03 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2009/01/21 15:35:46 | 000,292,284 | ---- | C] () -- C:\WINDOWS\rgmonsvc.exe
[2009/01/14 18:00:56 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/07 23:49:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/03/30 13:01:50 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/01/16 21:55:39 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Player.INI
[2007/05/31 14:52:12 | 001,102,518 | -HS- | C] () -- C:\WINDOWS\wwxbeg.ini
[2007/05/06 17:59:40 | 000,001,334 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/05 10:36:44 | 000,086,528 | ---- | C] () -- C:\WINDOWS\catchme.exe
[2007/04/27 11:40:53 | 001,579,063 | -HS- | C] () -- C:\WINDOWS\wvvycf.ini
[2007/04/04 06:51:45 | 000,004,317 | ---- | C] () -- C:\WINDOWS\cs_cache.ini
[2007/02/24 19:44:38 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2007/02/24 19:44:32 | 000,257,693 | ---- | C] () -- C:\WINDOWS\CoffeeCup Visual Site Designer Uninstaller.exe
[2007/02/24 19:42:55 | 000,000,966 | ---- | C] () -- C:\WINDOWS\CDRip.INI
[2006/12/18 17:53:31 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2006/10/27 18:56:59 | 000,000,526 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/12/15 20:54:31 | 000,000,141 | ---- | C] () -- C:\WINDOWS\Vogone2.INI
[2005/11/28 23:44:12 | 000,005,920 | ---- | C] () -- C:\WINDOWS\CDex.INI
[2005/11/10 19:32:23 | 000,000,179 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/10/12 22:05:37 | 000,000,776 | ---- | C] () -- C:\WINDOWS\ASPROFIL.INI
[2005/09/24 13:48:14 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2005/09/24 13:42:24 | 000,015,584 | ---- | C] () -- C:\WINDOWS\aodp202.ini
[2005/09/21 09:29:08 | 000,153,088 | ---- | C] () -- C:\WINDOWS\Unwise32.exe
[2005/07/22 14:57:00 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/07/11 18:56:27 | 000,012,890 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/07/04 21:14:40 | 006,182,428 | ---- | C] () -- C:\Program Files\ac3decoder.zip
[2005/07/04 13:00:27 | 001,522,839 | ---- | C] () -- C:\Program Files\dvdripfull92.exe
[2005/04/20 21:17:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/04/19 20:27:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/04/18 17:11:46 | 000,000,243 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/04/18 15:45:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2005/02/16 15:46:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/16 15:43:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/02/16 15:43:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/02/16 15:43:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/02/16 15:43:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/02/16 15:43:22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/02/16 15:43:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/02/16 15:17:00 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2005/02/16 15:16:03 | 000,013,974 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/02/16 15:15:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/02/16 15:15:37 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/02/16 15:12:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/16 15:02:01 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/02/16 14:59:58 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/02/16 14:54:43 | 000,028,779 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2005/02/16 14:54:43 | 000,024,681 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2005/02/16 14:50:55 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/16 14:49:25 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/15 03:52:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/15 03:43:00 | 000,382,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/15 03:43:00 | 000,053,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/15 03:41:10 | 000,154,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/10/15 03:37:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/15 03:36:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/13 16:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 03:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 03:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/04 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 04:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/15 21:38:02 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/06/03 18:05:06 | 001,102,399 | -HS- | C] () -- C:\WINDOWS\uvuuwa.ini
[2003/06/03 12:53:09 | 001,102,501 | -HS- | C] () -- C:\WINDOWS\eehkjl.ini
[2003/06/03 02:01:43 | 001,102,039 | -HS- | C] () -- C:\WINDOWS\jllklm.ini
[2003/06/02 17:53:11 | 001,101,965 | -HS- | C] () -- C:\WINDOWS\adefgh.ini
[2003/04/10 23:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 23:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 15:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 15:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/03/14 09:37:28 | 000,323,711 | ---- | C] () -- C:\WINDOWS\UNINCDRW.exe

========== LOP Check ==========

[2007/04/14 18:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2009/10/12 15:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
[2007/12/13 19:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/08/06 22:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/01/13 12:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2011/05/11 23:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/06/12 00:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/12/22 16:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/02/11 15:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2011/05/12 21:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2006/07/19 21:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2011/02/03 23:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest
[2011/02/03 23:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/12/24 16:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/05/29 15:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 00:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/18 22:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/07/16 12:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/02/16 15:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\InterMute
[2011/02/21 18:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\InterVideo
[2011/02/22 21:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Leadertech
[2011/01/11 18:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\NetMedia Providers
[2011/01/11 18:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Publish Providers
[2005/02/16 15:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\SampleView
[2011/01/11 18:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Sony
[2011/04/21 10:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Steinberg
[2011/06/23 11:00:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\ssbswbmy.job

========== Purity Check ==========



< End of report >

#6 ali.B (Trusted Helper, Malware Removal, 3,086 posts)

hi

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

File::
c:\program files\smart.exe
c:\program files\dvdripfull92.exe
C:\WINDOWS\System32\msexcr.ini
C:\WINDOWS\Bmahepijovap.bin
C:\WINDOWS\Khacefed.dat
C:\WINDOWS\mozregistry.dat
C:\WINDOWS\IfoEdit.INI
C:\WINDOWS\rgmonsvc.exe
C:\WINDOWS\wwxbeg.ini
C:\WINDOWS\WSYS049.SYS
C:\WINDOWS\uvuuwa.ini
C:\WINDOWS\eehkjl.ini
C:\WINDOWS\jllklm.ini
C:\WINDOWS\adefgh.ini


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.
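The OTL log posted above and the CFScript in this reply are the two halves of one workflow: pick the entries in the file listing that look planted, then hand their full paths to ComboFix under a File:: directive. The script below is an added example for this thread, not code from OTL, ComboFix or the helper; it parses OTL file lines (date | size | R-H-S-D attribute field | C or M, publisher in parentheses, path) and applies two heuristics that are this example's own, not rules from any of those tools: rule A flags hidden+system files with no publisher string sitting directly in the Windows directory (the pattern of the six-letter *.ini files in the log, one of which the ESET scan later in the thread identifies as Win32/Adware.Virtumonde.NEO), and rule B sets aside unsigned .exe/.sys files directly in Windows or System32 for a human to look at, since that tier also catches legitimate OEM leftovers. The sample lines are copied from the OTL log above.

```python
"""Triage OTL file entries and turn the hits into a ComboFix CFScript.

Added example for this thread, not code from OTL, ComboFix or the helper's
reply. SAMPLE is copied from the OTL log in the thread; the two rules are
this example's own heuristics:
  rule A: hidden+system file, no publisher string, directly in the Windows
          directory  -> delete candidate
  rule B: unsigned .exe/.sys directly in Windows or System32 -> manual review
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# One OTL file line:  [date time | size | attrs | C|M] (company) -- path [-- [ FS ]]
# attrs is a fixed 4-char field in the order R H S D
# (read-only, hidden, system, directory); '-' means the bit is clear.
_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)(?: -- \[ \w+ \])?$"
)


@dataclass
class Entry:
    ts: str
    size: int
    attrs: str
    company: str
    path: str

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()


def parse_otl(text: str) -> list[Entry]:
    """Return the file entries of an OTL listing; directories and non-matching lines are dropped."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if m and "D" not in m["attrs"]:
            entries.append(Entry(m["ts"], int(m["size"].replace(",", "")),
                                 m["attrs"], m["company"], m["path"]))
    return entries


def triage(entries: list[Entry]) -> tuple[list[Entry], list[Entry]]:
    """Split entries into (delete candidates, manual-review items) using rules A and B."""
    delete, review = [], []
    for e in entries:
        if e.company:              # publisher string present: not considered here
            continue
        if e.parent == "c:\\windows" and e.hidden_system:
            delete.append(e)                                   # rule A
        elif e.parent in ("c:\\windows", "c:\\windows\\system32") \
                and e.name.lower().endswith((".exe", ".sys")):
            review.append(e)                                   # rule B
    return delete, review


def cfscript(entries: list[Entry]) -> str:
    """Render a ComboFix CFScript 'File::' block, one full path per line."""
    return "File::\n" + "".join(e.path + "\n" for e in entries)


# Sample input: lines copied from the OTL log in this thread.
SAMPLE = r"""
[2011/06/22 20:21:29 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\OTL.exe
[2011/06/23 09:28:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2007/05/31 14:52:12 | 001,102,518 | -HS- | C] () -- C:\WINDOWS\wwxbeg.ini
[2007/04/27 11:40:53 | 001,579,063 | -HS- | C] () -- C:\WINDOWS\wvvycf.ini
[2007/02/24 19:44:38 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2009/01/21 15:35:46 | 000,292,284 | ---- | C] () -- C:\WINDOWS\rgmonsvc.exe
[2005/02/16 15:16:03 | 000,013,974 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/15 03:52:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/06/02 17:53:11 | 001,101,965 | -HS- | C] () -- C:\WINDOWS\adefgh.ini
[2005/02/16 14:50:55 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
"""

if __name__ == "__main__":
    delete, review = triage(parse_otl(SAMPLE))
    print(cfscript(delete))
    for e in review:
        print("review:", e.path, e.ts, e.size)
```

Run against the full "Files Created - No Company Name" section of the log above, rule A also picks up C:\WINDOWS\wvvycf.ini, which matches the other six-letter hidden+system .ini files but is not in the CFScript in this reply; rule B lists rgmonsvc.exe alongside OEM-era files such as CHODDI.SYS, which is why that tier only reports and never feeds the File:: block.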

#7 RMW (Member, Topic Starter, 33 posts)

ComboFix 11-06-23.01 - Compaq_Owner 06/23/2011 13:59:48.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.317 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\CFScript.txt
AV: Norton AntiVirus Online *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
FILE ::
"c:\program files\dvdripfull92.exe"
"c:\program files\smart.exe"
"c:\windows\adefgh.ini"
"c:\windows\Bmahepijovap.bin"
"c:\windows\eehkjl.ini"
"c:\windows\IfoEdit.INI"
"c:\windows\jllklm.ini"
"c:\windows\Khacefed.dat"
"c:\windows\mozregistry.dat"
"c:\windows\rgmonsvc.exe"
"c:\windows\System32\msexcr.ini"
"c:\windows\uvuuwa.ini"
"c:\windows\WSYS049.SYS"
"c:\windows\wwxbeg.ini"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\COMPAQ~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Temp\IadHide5.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-23 16:28 . 2011-06-23 16:28 -------- d-----w- C:\_OTL
2011-06-17 02:22 . 2011-06-17 02:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 23:27 . 2011-06-16 23:27 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Malwarebytes
2011-06-16 23:26 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-16 23:26 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-23 20:59 . 2005-07-04 22:59 461946 -c--a-w- c:\program files\smart.exe
2011-06-23 20:59 . 2005-07-04 20:00 1522839 -c--a-w- c:\program files\dvdripfull92.exe
2011-05-09 23:47 . 2011-02-06 19:36 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-09 23:47 . 2011-02-06 19:36 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-03-31 03:00 . 2011-05-09 23:47 516216 ----a-w- c:\windows\system32\drivers\NAV\1206000.01D\srtsp.sys
2011-03-31 03:00 . 2011-05-09 23:47 50168 ----a-w- c:\windows\system32\drivers\NAV\1206000.01D\srtspx.sys
2005-07-05 04:36 . 2005-07-05 04:36 2428688 -c--a-w- c:\program files\allok_rm2mp3.exe
2004-05-27 11:40 . 2004-05-27 11:40 24265736 -c--a-w- c:\program files\Microsoft .NET Framework 1.1.exe
.
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-02-16 22:09 . 2004-10-14 21:54 253952 c:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe
2005-02-16 22:09 . 2004-10-14 21:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
2005-02-16 22:04 . 2003-02-11 19:02 61440 c:\hp\KBD\bak\KBD.EXE
2005-02-16 22:04 . 2003-02-11 19:02 61440 c:\hp\KBD\kbd.exe
.
2005-02-16 22:07 . 2005-02-16 22:07 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2005-02-16 22:07 . 2005-02-16 22:07 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe
.
2004-08-27 23:22 . 2007-01-10 01:32 58984 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe
.
2004-08-05 17:23 . 2005-07-29 18:35 218240 c:\program files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe
.
2005-02-16 22:20 . 2005-02-16 22:19 159744 c:\program files\Help and Support Additions\HPQ\XPXWWPP5\plugin\bin\bak\PCHButton.exe
2005-02-16 22:20 . 2005-02-16 22:19 159744 c:\program files\Help and Support Additions\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
.
2002-04-11 12:19 . 2002-04-11 12:19 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe
2002-04-11 11:19 . 2002-04-11 11:19 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
2002-04-04 20:04 . 2002-04-04 20:04 49152 c:\program files\HP Photosmart 11\hphinstall\UniPatch\bak\hphupd04.exe
2002-04-04 20:04 . 2002-04-04 20:04 49152 c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
.
2004-10-14 07:04 . 2004-10-14 07:04 278528 c:\program files\iTunes\bak\iTunesHelper.exe
2011-01-25 23:08 . 2011-01-25 23:08 421160 c:\program files\iTunes\iTunesHelper.exe
.
2005-02-16 21:54 . 2005-02-16 21:54 32881 c:\program files\Java\j2re1.4.2_03\bin\bak\jusched.exe
2005-02-16 21:54 . 2005-02-16 21:54 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
.
2007-04-10 18:53 . 2007-03-14 10:43 83608 c:\program files\Java\jre1.6.0_01\bin\bak\jusched.exe
.
2006-01-25 20:22 . 2005-05-11 00:04 11776 c:\program files\Musicmatch\Musicmatch Jukebox\bak\mimboot.exe
.
2006-01-25 20:22 . 2005-05-11 00:04 110592 c:\program files\Musicmatch\Musicmatch Jukebox\bak\mm_tray.exe
.
2007-03-07 05:06 . 2007-03-07 05:06 5181440 c:\program files\MySpace\IM\bak\MySpaceIM.exe
.
2005-02-16 22:14 . 2005-02-16 22:14 98304 c:\program files\QuickTime\bak\qttask.exe
2010-11-30 01:38 . 2010-11-30 01:38 421888 c:\program files\QuickTime\QTTask.exe
.
2005-02-16 22:14 . 2004-12-14 09:23 663552 c:\windows\CREATOR\bak\Remind_XP.exe
2005-02-16 22:14 . 2004-12-14 09:23 663552 c:\windows\CREATOR\Remind_XP.exe
.
2004-04-14 20:43 . 2004-04-14 20:43 233472 c:\windows\SMINST\bak\RECGUARD.EXE
2004-04-14 20:43 . 2004-04-14 20:43 233472 c:\windows\SMINST\Recguard.exe
.
2005-02-16 21:57 . 1998-05-07 16:04 52736 c:\windows\system\bak\hpsysdrv.exe
2005-02-16 21:57 . 1998-05-07 16:04 52736 c:\windows\system\hpsysdrv.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2005-02-16 32881]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-02-16 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"SoundMan"="SOUNDMAN.EXE" [2004-10-13 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-13 2742272]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"QwestTouchPointAgent"="c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe" [2011-01-25 45992]
"QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2010-01-16 206120]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Qwest Personal Digital Vault"="c:\program files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe" [2009-12-18 1064808]
"CinemaNowMediaManagerApp"="c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" [N/A]
"SelectRebates"="c:\program files\SelectRebates\SelectRebates.exe" [N/A]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2001-4-2 110592]
Avvenu.lnk - c:\program files\Avvenu\Avvenu_agent.exe [N/A]
Compaq Connections.lnk - c:\program files\Compaq Connections\6750491\Program\Compaq Connections.exe [2005-2-16 45056]
Free WebSite Tools.lnk - c:\program files\CoffeeCup Software\CoffeeCup Free Viewer Plus\ThirtyDayTimer.exe [2007-10-18 372224]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Photo Loader supervisory.lnk - c:\program files\CASIO\Photo Loader\Plauto.exe [2005-5-9 217088]
SpySubtract.lnk - c:\program files\InterMute\SpySubtract\sslaunch.exe [2005-2-16 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57693:TCP"= 57693:TCP:Pando Media Booster
"57693:UDP"= 57693:UDP:Pando Media Booster
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\symds.sys [5/9/2011 4:47 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\symefa.sys [5/9/2011 4:47 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx86.sys [6/16/2011 3:45 PM 810616]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\ironx86.sys [5/9/2011 4:47 PM 136312]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/5/2009 10:37 AM 366640]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [5/9/2011 4:47 PM 130008]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 1:02 PM 1213728]
R2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\Qwest\Quickcare\bin\sprtsvc.exe [2/3/2011 11:45 PM 206120]
R2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\Qwest\Quickcare\bin\tgsrvc.exe [2/3/2011 11:45 PM 185640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/12/2011 11:42 PM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110623.001\IDSXpx86.sys [6/23/2011 12:45 AM 355256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/16/2011 4:26 PM 22712]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\COMPAQ~1.YOU\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\COMPAQ~1.YOU\LOCALS~1\Temp\CFcatchme.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-06-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-03 17:26]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 17:34]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 17:34]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cinemanow.com
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 14:19
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3892)
c:\docume~1\COMPAQ~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\snmp.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Java\j2re1.4.2_03\bin\jucheck.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\InterMute\SpySubtract\SpySub.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2011-06-23 14:30:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-23 21:29
ComboFix2.txt 2011-06-23 19:18
ComboFix3.txt 2003-06-04 00:47
.
Pre-Run: 14,094,655,488 bytes free
Post-Run: 14,095,708,160 bytes free
.
- - End Of File - - 1D384F83A12E50BC2235300D9E19CEA2

#8 ali.B (Trusted Helper, Malware Removal, 3,086 posts)

hi

Step 1

Update Malwarebytes' Anti-Malware and run a Quick Scan.
Post the log it produces.

Step 2

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Things I would like to see in your reply:
  • Malwarebytes results.
  • ESET scanner report.
  • Update on how your computer is running


#9
ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#10
ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Topic reopened.

Post the logs.
#11
RMW (Topic Starter, Member, 33 posts)
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=7f554dd1c571444d90da2bce9a81c1f4
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-27 10:33:03
# local_time=2011-06-27 03:33:03 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=223778
# found=12
# cleaned=12
# scan_time=20267
C:\QooBox\Quarantine\C\WINDOWS\adefgh.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\QooBox\Quarantine\C\WINDOWS\eehkjl.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\QooBox\Quarantine\C\WINDOWS\jllklm.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\QooBox\Quarantine\C\WINDOWS\uvuuwa.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\QooBox\Quarantine\C\WINDOWS\wvvycf.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\QooBox\Quarantine\C\WINDOWS\wwxbeg.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP129\A0088134.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP129\A0088137.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP129\A0088138.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP129\A0088140.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP129\A0088141.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP129\A0088142.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6955

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/26/2011 8:58:26 PM
mbam-log-2011-06-26 (20-58-26).txt

Scan type: Quick scan
Objects scanned: 214724
Time elapsed: 22 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

My computer has been acting much smoother - RMW

#12
ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#13
RMW (Topic Starter, Member, 33 posts)
OTL logfile created on: 6/29/2011 9:55:22 AM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.29 Mb Total Physical Memory | 311.74 Mb Available Physical Memory | 30.70% Memory free
2.38 Gb Paging File | 1.26 Gb Available in Paging File | 52.72% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.07 Gb Total Space | 12.49 Gb Free Space | 8.79% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 2.56 Gb Free Space | 36.76% Space Free | Partition Type: FAT32

Computer Name: YOUR-4F1261A8E5 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/22 20:21:38 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/01/25 14:30:38 | 000,045,992 | ---- | M] (Qwest Communications) -- C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe
PRC - [2010/01/16 14:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
PRC - [2010/01/16 14:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
PRC - [2010/01/16 14:30:02 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/18 14:58:34 | 001,064,808 | ---- | M] () -- C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe
PRC - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2005/02/16 15:17:00 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
PRC - [2005/02/16 15:15:36 | 001,187,840 | ---- | M] (InterMute, Inc.) -- C:\Program Files\InterMute\SpySubtract\SpySub.exe
PRC - [2005/02/16 14:54:35 | 000,241,777 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
PRC - [2005/02/16 14:54:35 | 000,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
PRC - [2004/10/13 16:17:06 | 002,742,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/10/13 14:01:50 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/26 00:29:44 | 000,217,088 | ---- | M] (CASIO COMPUTER CO.,LTD.) -- C:\Program Files\CASIO\Photo Loader\Plauto.exe


========== Modules (SafeList) ==========

MOD - [2011/06/22 20:21:38 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\OTL.exe
MOD - [2010/01/16 14:30:06 | 000,116,008 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprthook.dll
MOD - [2005/02/16 15:17:00 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\temp\IadHide5.dll
MOD - [2004/08/04 11:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe -- (NAV)
SRV - [2010/01/16 14:31:40 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/16 14:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe -- (tgsrvc_quickcare) SupportSoft Repair Service (quickcare)
SRV - [2010/01/16 14:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe -- (sprtsvc_quickcare) SupportSoft Sprocket Service (quickcare)
SRV - [2008/01/08 13:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/06/02 18:08:20 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110628.050\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/19 12:37:06 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/05/17 17:23:58 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110629.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/17 17:23:58 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110629.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/09 16:47:34 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/09 16:47:34 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/09 16:47:25 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 20:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 20:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 17:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 19:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 23:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/26 22:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2004/10/13 17:33:20 | 002,287,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/06/29 10:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/18 00:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/09/19 09:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2002/10/04 10:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/29 14:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/06/23 10:45:59 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/06/23 14:18:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - File not found
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CinemaNowMediaManagerApp] File not found
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickCare] C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Qwest Personal Digital Vault] C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe ()
O4 - HKLM..\Run: [QwestTouchPointAgent] C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe (Qwest Communications)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SelectRebates] File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Avvenu.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Free WebSite Tools.lnk = C:\Program Files\CoffeeCup Software\CoffeeCup Free Viewer Plus\ThirtyDayTimer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe (CASIO COMPUTER CO.,LTD.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe (InterMute, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - File not found
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/15 03:38:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/27 09:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/23 11:40:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/23 11:40:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/23 11:40:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/23 11:40:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/23 11:37:13 | 004,135,090 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\ComboFix.exe
[2011/06/23 09:28:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/22 20:21:29 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\OTL.exe
[2011/06/17 12:03:35 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\HiJackThis.exe
[2011/06/16 16:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Malwarebytes
[2011/06/16 16:26:38 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/16 16:26:22 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2005/07/04 21:36:10 | 002,428,688 | ---- | C] (Allok Soft,Inc. ) -- C:\Program Files\allok_rm2mp3.exe
[2004/05/27 04:40:06 | 024,265,736 | ---- | C] (Microsoft) -- C:\Program Files\Microsoft .NET Framework 1.1.exe
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/29 09:36:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/29 03:36:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/28 14:20:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/23 18:45:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/23 14:19:06 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/06/23 14:18:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/23 14:18:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/23 14:18:03 | 1064,685,568 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/23 13:59:30 | 000,461,946 | ---- | M] () -- C:\Program Files\smart.exe
[2011/06/23 11:38:58 | 004,135,090 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\ComboFix.exe
[2011/06/22 20:21:38 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\OTL.exe
[2011/06/17 12:03:38 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Desktop\HiJackThis.exe
[2011/06/16 16:26:43 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/06/23 11:40:16 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/23 11:40:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/23 11:40:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/23 11:40:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/23 11:40:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/12 21:49:04 | 000,000,284 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2011/05/03 23:21:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/21 18:27:39 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/06 12:14:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2011/01/05 20:21:31 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Local Settings\Application Data\fusioncache.dat
[2010/06/11 18:08:43 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2010/06/11 18:08:30 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2009/12/15 12:09:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bmahepijovap.bin
[2009/12/15 12:09:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Khacefed.dat
[2009/05/05 09:56:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2009/04/29 11:24:03 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2009/01/14 18:00:56 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/07 23:49:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/03/30 13:01:50 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/01/16 21:55:39 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Player.INI
[2007/05/06 17:59:40 | 000,001,334 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/24 19:44:38 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2007/02/24 19:44:32 | 000,257,693 | ---- | C] () -- C:\WINDOWS\CoffeeCup Visual Site Designer Uninstaller.exe
[2007/02/24 19:42:55 | 000,000,966 | ---- | C] () -- C:\WINDOWS\CDRip.INI
[2006/12/18 17:53:31 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2006/10/27 18:56:59 | 000,000,526 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/12/15 20:54:31 | 000,000,141 | ---- | C] () -- C:\WINDOWS\Vogone2.INI
[2005/11/28 23:44:12 | 000,005,920 | ---- | C] () -- C:\WINDOWS\CDex.INI
[2005/11/10 19:32:23 | 000,000,179 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/10/12 22:05:37 | 000,000,776 | ---- | C] () -- C:\WINDOWS\ASPROFIL.INI
[2005/09/24 13:48:14 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2005/09/24 13:42:24 | 000,015,584 | ---- | C] () -- C:\WINDOWS\aodp202.ini
[2005/07/22 14:57:00 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/07/11 18:56:27 | 000,012,890 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/07/04 21:14:40 | 006,182,428 | ---- | C] () -- C:\Program Files\ac3decoder.zip
[2005/07/04 15:59:28 | 000,461,946 | ---- | C] () -- C:\Program Files\smart.exe
[2005/04/20 21:17:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/04/19 20:27:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/04/18 17:11:46 | 000,000,243 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/04/18 15:45:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2005/02/16 15:46:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/16 15:43:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/02/16 15:43:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/02/16 15:43:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/02/16 15:43:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/02/16 15:43:22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/02/16 15:43:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/02/16 15:17:00 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2005/02/16 15:16:03 | 000,013,974 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/02/16 15:15:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/02/16 15:15:37 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/02/16 15:12:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/16 15:02:01 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/02/16 14:59:58 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/02/16 14:54:43 | 000,028,779 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2005/02/16 14:54:43 | 000,024,681 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2005/02/16 14:50:55 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/16 14:49:25 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/15 03:52:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/15 03:43:00 | 000,382,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/15 03:43:00 | 000,053,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/15 03:41:10 | 000,154,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/10/15 03:37:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/15 03:36:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/13 16:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 03:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 03:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/04 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 04:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/15 21:38:02 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 23:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 23:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 15:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 15:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/03/14 09:37:28 | 000,323,711 | ---- | C] () -- C:\WINDOWS\UNINCDRW.exe

========== LOP Check ==========

[2007/04/14 18:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2009/10/12 15:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
[2007/12/13 19:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/08/06 22:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/01/13 12:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2011/05/11 23:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/06/12 00:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/12/22 16:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/02/11 15:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2011/05/12 21:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2006/07/19 21:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2011/02/03 23:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest
[2011/02/03 23:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/12/24 16:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/05/29 15:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 00:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/18 22:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/07/16 12:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2005/02/16 15:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\InterMute
[2011/02/21 18:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\InterVideo
[2011/02/22 21:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Leadertech
[2011/01/11 18:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\NetMedia Providers
[2011/01/11 18:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Publish Providers
[2005/02/16 15:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\SampleView
[2011/01/11 18:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Sony
[2011/04/21 10:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Steinberg

========== Purity Check ==========



< End of report >

As of now, I am still getting the MicroTrend popups.
  • 0

#14
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Congratulations your logs appear clean :)

Reset and Re-enable your System Restore

The following will implement some cleanup procedures as well as reset System Restore points:
  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.

    Posted Image

NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application.
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes


Recommendations

See Here for a list of recommendations for free Antivirus/AntiSpyware applications.


  • Keep your Windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers real-time protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Click Here to learn how to keep a backup of your important files

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Thank you :unsure:
  • 0
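The MVPS HOSTS recommendation in the post above relies on the resolver consulting the hosts file before DNS, so any hostname listed there against 127.0.0.1 (or 0.0.0.0, which some blocklists use instead) never reaches the network. The following is an added example, not code from the post or from the MVPS project: a small parser that reads hosts-file text the way an audit would (comments, several hostnames per line, case-insensitive names, first mapping wins) and reports which hostnames are sunk to loopback. The hosts content and the `.invalid` hostnames are constructed for the example; on Windows the real file lives at %SystemRoot%\System32\drivers\etc\hosts and can be passed in by reading it instead of SAMPLE_HOSTS.

```python
"""Audit a HOSTS file: which hostnames are sinkholed to loopback/unspecified?

Added example (not from the forum post or the MVPS project). The sample
hosts text below is constructed; the hostnames are placeholders under the
reserved .invalid TLD so nothing here resolves in the real world.
"""
from __future__ import annotations

import ipaddress
from typing import Dict, List, Tuple

# Constructed sample resembling the top of a blocklist-style HOSTS file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost

# --- constructed blocklist section (hypothetical hostnames) ---
127.0.0.1  ads.example.invalid            # trailing comment is ignored
0.0.0.0    tracker.example.invalid  beacon.example.invalid
127.0.0.1  Malicious.Example.Invalid
this is not a valid line
"""


def parse_hosts(text: str) -> Tuple[Dict[str, str], List[str]]:
    """Return (hostname -> address, lines that were skipped).

    Mirrors resolver behaviour closely enough for an audit: '#' starts a
    comment, whitespace separates fields, one line may list several hostnames
    for a single address, names are case-insensitive and the first mapping
    for a name wins.  Lines whose first field is not an IP address are
    reported rather than silently dropped, since a tampered hosts file is
    itself something worth noticing.
    """
    mapping: Dict[str, str] = {}
    skipped: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            skipped.append(raw)
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            skipped.append(raw)
            continue
        for name in fields[1:]:
            mapping.setdefault(name.lower(), str(addr))
    return mapping, skipped


def is_sinkholed(mapping: Dict[str, str], hostname: str) -> bool:
    """True if the hosts file pins hostname to a loopback or unspecified address."""
    addr = mapping.get(hostname.lower())
    if addr is None:
        return False
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def sinkholed_hosts(mapping: Dict[str, str]) -> List[str]:
    """Sorted list of blocked hostnames, excluding the normal localhost entry."""
    return sorted(h for h in mapping if h != "localhost" and is_sinkholed(mapping, h))


if __name__ == "__main__":
    hosts, bad_lines = parse_hosts(SAMPLE_HOSTS)
    print("sinkholed:", sinkholed_hosts(hosts))
    print("skipped:", bad_lines)
```

The same parser can be pointed at a live file (`parse_hosts(open(path).read())`) to confirm a blocklist was installed, or to spot the opposite case the helpers in this thread look for: a malware-edited hosts file that maps security-vendor or update hostnames to an address that is neither loopback nor the expected one.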

#15
RMW

RMW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
I still have the MicroTrend popup. It happens for sure, every time I reboot the PC. And then inadvertently when opening a browser or even just anytime by itself.
  • 0
