Geeks to Go
infections found by eset

#1 gvnaz
Member
66 posts

Just noticed that ESET found 3 infections last night during a regularly scheduled scan. Now I'm wondering if anything else is lurking that shouldn't be here.


OTL.Txt

OTL logfile created on: 2011-07-08 5:26:28 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\John Nolan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.54% Memory free
3.85 Gb Paging File | 3.18 Gb Available in Paging File | 82.65% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 46.28 Gb Free Space | 49.69% Space Free | Partition Type: NTFS

Computer Name: LAPPY | User Name: John Nolan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-07-08 17:21:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Nolan\Desktop\OTL.exe
PRC - [2011-06-22 09:36:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-05-29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\[spyscanner]\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2008-04-13 17:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008-04-13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-03-01 04:54:52 | 001,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2007-12-21 08:21:16 | 000,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2007-10-07 20:39:46 | 000,450,560 | ---- | M] (Duality Software) -- C:\Program Files\DS Clock\dsclock.exe
PRC - [2006-11-03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006-11-03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006-06-28 13:00:00 | 004,972,544 | ---- | M] (MyFamily.com, Inc.) -- C:\Program Files\Family Tree Maker 2006\Ftw.exe
PRC - [2005-04-20 10:34:12 | 000,487,936 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\system32\wwSecure.exe
PRC - [2004-09-07 17:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004-09-07 17:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004-09-07 17:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe


========== Modules (SafeList) ==========

MOD - [2011-07-08 17:21:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Nolan\Desktop\OTL.exe
MOD - [2010-08-23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005-09-08 17:58:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2005-09-08 17:58:00 | 001,019,904 | ---- | M] () -- C:\WINDOWS\system32\nvwimg.dll
MOD - [2005-09-08 17:58:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - [2008-03-01 04:58:08 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2007-12-21 08:21:16 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2006-11-03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005-04-20 10:34:12 | 000,487,936 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\WINDOWS\system32\wwSecure.exe -- (wwSecSvc)
SRV - [2005-03-14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004-09-07 17:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)


========== Driver Services (SafeList) ==========

DRV - [2008-03-01 04:56:36 | 000,054,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2008-03-01 04:56:34 | 000,030,728 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2008-03-01 04:56:30 | 000,071,176 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2008-03-01 04:53:16 | 000,029,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2008-03-01 04:52:30 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2005-05-03 16:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005-05-03 16:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005-05-03 16:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005-03-10 17:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005-01-25 16:55:08 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004-10-21 16:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004-08-31 09:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004-08-12 09:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004-06-17 16:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001-08-22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
FF - prefs.js..extensions.enabledItems: {9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}:0.6.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.4
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {dc0fa13c-3dae-73eb-e852-912722c852f9}:0.3
FF - prefs.js..extensions.enabledItems: {1ced4832-f06e-413f-aa14-9eb63ad40ace}:1.0.2
FF - prefs.js..extensions.enabledItems: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.8
FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.2
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-22 09:36:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-22 09:36:33 | 000,000,000 | ---D | M]

[2008-09-01 00:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Extensions
[2011-07-08 09:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions
[2011-04-08 10:36:02 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011-04-08 10:35:34 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010-03-14 18:45:30 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2011-04-08 10:36:04 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2008-09-01 00:54:52 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
[2011-04-08 10:36:01 | 000,000,000 | ---D | M] (deskCut) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}
[2011-04-08 10:35:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011-04-08 10:35:58 | 000,000,000 | ---D | M] (QuickNote) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}
[2011-04-08 10:35:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-03-14 18:45:35 | 000,000,000 | ---D | M] (Tiny Menu) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2011-04-08 10:35:50 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011-04-08 10:35:36 | 000,000,000 | ---D | M] (MileWideBack) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9}
[2011-04-08 10:35:19 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2011-04-08 10:35:27 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2011-04-08 10:35:33 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\[email protected]
[2011-06-20 22:12:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\[email protected]
[2011-07-07 18:01:21 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\searchplugins\ancestry---surnames.xml
[2011-07-07 18:01:22 | 000,006,240 | ---- | M] () -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\searchplugins\bible-gateway.xml
[2011-07-07 18:01:20 | 000,001,103 | ---- | M] () -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\searchplugins\buycom.xml
[2011-07-07 18:01:22 | 000,002,580 | ---- | M] () -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\searchplugins\imdb.xml
[2011-07-07 18:01:22 | 000,002,728 | ---- | M] () -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\searchplugins\newegg.xml
[2011-07-07 18:01:22 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\searchplugins\youtube.xml
[2011-07-07 18:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009-04-10 17:06:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009-09-01 20:26:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2007-05-11 17:41:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\mozilla firefox\plugins\npImgCtl.dll
[2011-04-12 09:55:08 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

O1 HOSTS File: ([2008-04-27 17:55:33 | 000,000,002 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DS Clock] C:\Program Files\DS Clock\dsclock.exe (Duality Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1209536045436 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\John Nolan\Application Data\nView_Wallpaper\PerMonitorWallpaper0.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John Nolan\Application Data\nView_Wallpaper\PerMonitorWallpaper0.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-02-23 19:27:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5454ac9a-e31d-11dd-805c-0013ce307f64}\Shell - "" = AutoRun
O33 - MountPoints2\{5454ac9a-e31d-11dd-805c-0013ce307f64}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5454ac9a-e31d-11dd-805c-0013ce307f64}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{9a8d16bc-e292-11dc-bf9a-0010c6945ddb}\Shell - "" = AutoRun
O33 - MountPoints2\{9a8d16bc-e292-11dc-bf9a-0010c6945ddb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a8d16bc-e292-11dc-bf9a-0010c6945ddb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{9a8d16be-e292-11dc-bf9a-0010c6945ddb}\Shell - "" = AutoRun
O33 - MountPoints2\{9a8d16be-e292-11dc-bf9a-0010c6945ddb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a8d16be-e292-11dc-bf9a-0010c6945ddb}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-07-08 17:20:44 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Nolan\Desktop\OTL.exe
[2011-06-28 09:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011-06-26 13:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Nolan\Start Menu\Programs\The KMPlayer
[2011-06-25 17:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Nolan\Application Data\EurekaLog
[2011-06-22 13:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo update check

========== Files - Modified Within 30 Days ==========

[2011-07-08 17:28:25 | 000,140,151 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011-07-08 17:21:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Nolan\Desktop\OTL.exe
[2011-07-08 17:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-07-08 13:10:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-07-08 10:35:44 | 330,430,464 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\VERTZ5~2_exported errors fixed2.FTW
[2011-07-08 08:57:22 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2011-07-08 08:13:51 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-07-08 08:11:29 | 000,029,940 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011-07-08 08:11:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-07-08 08:10:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-07-08 08:10:41 | 2146,922,496 | -HS- | M] () -- C:\hiberfil.sys
[2011-07-01 10:51:54 | 330,430,464 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\VERTZ5~4.FBK
[2011-06-29 07:32:50 | 000,503,348 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-06-29 07:32:50 | 000,087,266 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-06-28 09:13:23 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011-06-27 16:12:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-06-26 13:09:24 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\John Nolan\Desktop\KMPlayer.lnk
[2011-06-22 12:49:33 | 000,142,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-06-20 19:32:17 | 000,015,872 | -HS- | M] () -- C:\Documents and Settings\John Nolan\Local Settings\Application Data\87pv7k70panvl6a
[2011-06-20 07:09:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-06-19 14:01:53 | 000,140,151 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011-06-11 14:18:12 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

========== Files Created - No Company Name ==========

[2011-06-28 09:13:23 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011-06-26 13:09:24 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\John Nolan\Desktop\KMPlayer.lnk
[2011-06-22 13:01:33 | 000,001,715 | ---- | C] () -- C:\Documents and Settings\John Nolan\Start Menu\Programs\Update Checker.lnk
[2011-06-20 17:49:26 | 000,015,872 | -HS- | C] () -- C:\Documents and Settings\John Nolan\Local Settings\Application Data\87pv7k70panvl6a
[2011-06-20 07:07:41 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010-01-30 21:35:08 | 000,025,596 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009-09-25 12:05:28 | 000,105,166 | ---- | C] () -- C:\WINDOWS\HPFins09.dat.temp
[2009-09-25 12:05:28 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat.temp
[2009-01-19 00:30:09 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\John Nolan\Application Data\PnkBstrK.sys
[2008-05-26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008-05-26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008-05-05 20:30:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-03-21 18:57:15 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008-03-21 18:57:06 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008-03-21 18:56:20 | 000,000,732 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008-03-21 17:07:31 | 000,102,833 | ---- | C] () -- C:\WINDOWS\HPFins09.dat
[2008-03-21 17:07:31 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat
[2008-03-13 07:34:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008-02-28 10:01:50 | 000,001,808 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008-02-25 22:42:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008-02-23 22:35:52 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008-02-23 22:32:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-02-23 22:20:27 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008-02-23 22:00:34 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\John Nolan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-02-23 19:53:45 | 000,140,151 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008-02-23 19:51:25 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008-02-23 19:51:25 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-02-23 19:51:24 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-02-23 19:51:24 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-02-23 19:51:22 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-02-23 19:51:22 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008-02-23 19:51:19 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008-02-23 19:51:17 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008-02-23 19:42:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2008-02-23 19:29:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008-02-23 19:23:49 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008-02-23 11:17:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-02-23 11:16:35 | 000,142,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-02-11 09:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008-02-11 09:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008-02-08 13:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008-02-05 08:48:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerUninstaller.exe
[2007-12-14 12:32:52 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2007-09-27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007-09-27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007-09-27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007-07-27 14:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007-07-27 14:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2005-12-05 19:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005-12-05 12:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005-03-21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005-03-21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004-08-12 09:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004-08-04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-04 05:00:00 | 000,503,348 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004-08-04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-04 05:00:00 | 000,087,266 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004-08-04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-08-04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001-07-06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2008-08-14 12:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008-02-23 21:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008-04-22 19:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ktetifmn
[2009-09-03 16:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-03-25 18:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011-05-28 07:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010-01-29 18:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009-05-07 12:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008-04-12 22:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\Amazon
[2011-04-22 00:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\Auslogics
[2008-03-23 20:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\drms
[2008-02-23 23:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\Duality Software
[2008-08-14 12:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\ESET
[2011-06-25 17:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\EurekaLog
[2010-07-24 15:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\id Software
[2009-09-24 17:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\Image Zone Express
[2009-08-10 14:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\IrfanView
[2008-02-23 22:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\MyFamily.com
[2011-07-08 08:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\nView_Wallpaper
[2009-07-04 15:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\SystemRequirementsLab
[2009-03-23 00:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\Windows Desktop Search
[2009-03-27 10:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\Windows Search
[2008-04-28 18:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\WinPatrol
[2011-06-01 14:27:34 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Disk Defrag Sheduled Defragmentation.job
[2011-07-08 08:13:51 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >



Extras.Txt

OTL Extras logfile created on: 2011-07-08 5:26:28 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\John Nolan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.54% Memory free
3.85 Gb Paging File | 3.18 Gb Available in Paging File | 82.65% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 46.28 Gb Free Space | 49.69% Space Free | Partition Type: NTFS

Computer Name: LAPPY | User Name: John Nolan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Disabled:Nero ControlCenter -- (Nero AG)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext
"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 14
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6ECB944F-D027-4E8A-9906-70E77C005AD5}" = ESET Smart Security
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{87F59A07-55EE-415E-A966-31F3D8B6B7AD}" = LP6940_Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8DC6CA16-9B4E-4C10-95EE-2BD91EB0290C}" = LP6940Trb
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_POWERPOINT_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_POWERPOINT_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C209B30-F71F-4c53-8D26-453208EC8E91}" = dj6940
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}" = Family Tree Maker 2006
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"7-Zip" = 7-Zip 9.20
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"DS Clock_is1" = DS Clock
"EsetOnlineScanner" = ESET Online Scanner
"FileHippo.com" = FileHippo.com Update Checker
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"IrfanView" = IrfanView (remove only)
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"NVIDIA Drivers" = NVIDIA Drivers
"POWERPOINT" = Microsoft Office PowerPoint 2007
"ProInst" = Intel® PROSet/Wireless Software
"RegSupreme Pro_is1" = RegSupreme Pro 1.0
"Revo Uninstaller" = Revo Uninstaller 1.92
"SpywareBlaster_is1" = SpywareBlaster 4.1
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"VLC media player" = VLC media player 1.0.3
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-06-11 9:16:52 PM | Computer Name = LAPPY | Source = nview_info | ID = 11141121
Description =

Error - 2011-06-13 7:12:56 PM | Computer Name = LAPPY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 2011-06-15 8:01:26 PM | Computer Name = LAPPY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072f76, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 2011-06-20 9:19:40 PM | Computer Name = LAPPY | Source = Application Hang | ID = 1002
Description = Hanging application csv.exe, version 5.7.0.18066, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2011-06-20 9:21:46 PM | Computer Name = LAPPY | Source = Application Hang | ID = 1002
Description = Hanging application csv.exe, version 5.7.0.18066, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2011-06-20 9:28:46 PM | Computer Name = LAPPY | Source = Application Hang | ID = 1002
Description = Hanging application csv.exe, version 5.7.0.18066, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2011-06-20 10:32:29 PM | Computer Name = LAPPY | Source = Application Hang | ID = 1002
Description = Hanging application csv.exe, version 5.7.0.18066, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2011-06-26 4:12:52 PM | Computer Name = LAPPY | Source = Application Error | ID = 1000
Description = Faulting application ftw.exe, version 16.0.350.0, faulting module
ftw.exe, version 16.0.350.0, fault address 0x0003aee9.

Error - 2011-06-29 10:41:48 AM | Computer Name = LAPPY | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 2011-07-07 9:08:16 PM | Computer Name = LAPPY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
P10 NIL.

[ System Events ]
Error - 2011-06-22 3:51:11 PM | Computer Name = LAPPY | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2011-06-22 3:51:11 PM | Computer Name = LAPPY | Source = Service Control Manager | ID = 7031
Description = The Eset Service service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 2011-06-22 3:51:11 PM | Computer Name = LAPPY | Source = Service Control Manager | ID = 7034
Description = The Nero BackItUp Scheduler 3 service terminated unexpectedly. It
has done this 1 time(s).

Error - 2011-06-22 3:51:11 PM | Computer Name = LAPPY | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2011-06-22 3:51:11 PM | Computer Name = LAPPY | Source = Service Control Manager | ID = 7034
Description = The PLFlash DeviceIoControl Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2011-06-22 3:51:11 PM | Computer Name = LAPPY | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 2011-06-22 3:51:11 PM | Computer Name = LAPPY | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2011-06-22 3:51:11 PM | Computer Name = LAPPY | Source = Service Control Manager | ID = 7034
Description = The RegSrvc service terminated unexpectedly. It has done this 1 time(s).

Error - 2011-06-22 3:51:11 PM | Computer Name = LAPPY | Source = Service Control Manager | ID = 7034
Description = The Washer AutoComplete service terminated unexpectedly. It has done
this 1 time(s).

Error - 2011-06-22 3:51:11 PM | Computer Name = LAPPY | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).


< End of report >
  • 0

#2
RKinner

    Malware Expert

  • Expert
  • 19,783 posts
  • MVP
[2011-06-20 17:49:26 | 000,015,872 | -HS- | C] () -- C:\Documents and Settings\John Nolan\Local Settings\Application Data\87pv7k70panvl6a

Looks like it's part of this: http://home.mcafee.c...key=527049#none

Don't see any other signs of it though, so I guess ESET did its job. We'll go through a few scans to see if we can find anything.


Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14


Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC, then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.


Copy the text in the code box by highlighting it and pressing Ctrl + C

:processes
killallprocesses

:OTL
[2011-06-20 17:49:26 | 000,015,872 | -HS- | C] () -- C:\Documents and Settings\John Nolan\Local Settings\Application Data\87pv7k70panvl6a

:files
%USERPROFILE%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
%ALLUSERSPROFILE%\Application Data\87pv7k70panvl6a
%USERPROFILE%\Local Settings\Application Data\87pv7k70panvl6a
%TEMP%\87pv7k70panvl6a
%USERPROFILE%\Templates\87pv7k70panvl6a
%TEMP%\nap.exe

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:Commands
[RESETHOSTS]
[purity]
[Reboot]

then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.

(There is now an option to have aswMBR use the Avast scan engine to check your system. IF you are feeling paranoid go ahead and let it scan.)

Ron
  • 0
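The file Ron singled out was caught by its OTL attribute column: a hidden+system (`-HS-`) file with no company name sitting in a user's `Local Settings\Application Data`, which is not where legitimate software normally hides system-attribute files. Below is an added Python example (not from this thread, OTL or its author) that parses OTL's entry format and applies that triage rule over a handful of lines. The first four sample lines are copied from the logs posted above; the last two are constructed for the example, and the rule itself (`is_suspicious`) is an illustrative assumption, not OTL's own logic.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One OTL file/folder entry, e.g.
#   [2011-06-20 17:49:26 | 000,015,872 | -HS- | C] () -- C:\...\87pv7k70panvl6a
# The attribute column uses R/H/S/D letters (read-only, hidden, system,
# directory). The "(Company)" group is absent on OTL's LOP Check directory
# lines, so it is optional here.
OTL_ENTRY = re.compile(
    r"^\[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Assumption for this example: anything under the XP profile root is a
# user-writable location where hidden+system files are unusual.
USER_PROFILE_ROOT = "c:\\documents and settings\\"


@dataclass
class OtlEntry:
    stamp: datetime
    size: int
    hidden: bool
    system: bool
    is_dir: bool
    company: str
    path: str


def parse_otl_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL entry line; return None for lines in another format."""
    m = OTL_ENTRY.match(line.strip())
    if m is None:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        stamp=datetime.strptime(m.group("stamp"), "%Y-%m-%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        hidden="H" in attrs,
        system="S" in attrs,
        is_dir="D" in attrs,
        company=m.group("company") or "",
        path=m.group("path"),
    )


def is_suspicious(entry: OtlEntry) -> bool:
    """Hypothetical triage rule: hidden+system file, no publisher, in a user profile."""
    if entry.is_dir or not (entry.hidden and entry.system):
        return False
    if entry.company:
        return False
    return entry.path.lower().startswith(USER_PROFILE_ROOT)


def triage(lines: List[str]) -> List[str]:
    """Return the paths of entries matching the triage rule, in log order."""
    flagged = []
    for line in lines:
        entry = parse_otl_entry(line)
        if entry is not None and is_suspicious(entry):
            flagged.append(entry.path)
    return flagged


# Sample input. The first four lines are copied from the logs in this thread;
# the last two are constructed for the example and are not from the thread.
SAMPLE_LOG = [
    r"[2011-06-20 17:49:26 | 000,015,872 | -HS- | C] () -- C:\Documents and Settings\John Nolan\Local Settings\Application Data\87pv7k70panvl6a",
    r"[2004-08-04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat",
    r"[2011-07-08 08:13:51 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job",
    r"[2008-08-14 12:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET",
    r"[2011-07-01 10:00:00 | 000,004,096 | -HS- | M] (Example Vendor) -- C:\Documents and Settings\John Nolan\Application Data\vendor.dat",
    r"[2011-07-01 10:00:00 | 000,004,096 | -HS- | M] () -- C:\WINDOWS\System32\example.sav",
]

if __name__ == "__main__":
    for path in triage(SAMPLE_LOG):
        print("review:", path)
```

Only the `87pv7k70panvl6a` entry survives the rule: the perf counter file is not hidden, the scheduled task is hidden but not system, the ESET entry is a directory, the constructed vendor file carries a company name, and the constructed `System32` file sits outside the profile. A rule this narrow is a starting point for reading a log, not a verdict; it is why the helper above still asked for further scans.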

#3
gvnaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
OTL

========== PROCESSES ==========
All processes killed
========== OTL ==========
File C:\Documents and Settings\John Nolan\Local Settings\Application Data\87pv7k70panvl6a not found.
========== FILES ==========
C:\Documents and Settings\John Nolan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT moved successfully.
File/Folder C:\Documents and Settings\All Users\Application Data\87pv7k70panvl6a not found.
C:\Documents and Settings\John Nolan\Local Settings\Application Data\87pv7k70panvl6a moved successfully.
File/Folder C:\DOCUME~1\JOHNNO~1\LOCALS~1\Temp\87pv7k70panvl6a not found.
C:\Documents and Settings\John Nolan\Templates\87pv7k70panvl6a moved successfully.
File/Folder C:\DOCUME~1\JOHNNO~1\LOCALS~1\Temp\nap.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07092011_182230

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


MBAM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7060

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2011-07-09 6:40:17 PM
mbam-log-2011-07-09 (18-40-17).txt

Scan type: Quick scan
Objects scanned: 171634
Time elapsed: 8 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I will edit in ComboFix and aswMBR.

OK

Edited by gvnaz, 09 July 2011 - 08:32 PM.

  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 19,783 posts
  • MVP
Please use a separate post for any other logs. I don't get notified otherwise.

Ron
  • 0

#5
gvnaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Computer crashed during the aswMBR scan, so I will rerun that one a little later.

combofix

ComboFix 11-07-09.03 - John Nolan 2011-07-09 18:53:07.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1483 [GMT -7:00]
Running from: c:\documents and settings\John Nolan\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\John Nolan\Application Data\EurekaLog
c:\documents and settings\John Nolan\Application Data\EurekaLog\RMReader\RMReader.elf
c:\windows\system32\$winnt$.inf
c:\windows\vb.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))))
.
.
2011-07-10 01:35 . 2011-07-10 01:35 -------- d-----w- c:\program files\Common Files\Java
2011-07-10 01:22 . 2011-07-10 01:22 -------- d-----w- C:\_OTL
2011-07-10 00:56 . 2011-05-04 11:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-10 00:56 . 2011-05-04 11:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-10 00:56 . 2011-05-04 09:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-09 01:52 . 2011-07-09 01:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-07-09 01:50 . 2011-07-09 01:50 -------- d-sh--w- c:\documents and settings\John Nolan\IETldCache
2011-07-09 01:42 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-07-09 01:40 . 2011-04-25 16:11 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-07-09 01:40 . 2011-04-25 16:11 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-07-09 01:40 . 2011-04-25 16:11 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-07-09 01:40 . 2011-04-25 16:11 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-07-09 01:40 . 2011-04-25 16:11 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-07-09 01:40 . 2011-04-26 17:11 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-07-09 01:40 . 2011-04-25 16:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-07-09 01:37 . 2011-07-09 01:39 -------- dc-h--w- c:\windows\ie8
2011-07-08 22:26 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{5F943F19-B74D-4AC3-96E6-1EF41B9F7FBB}\mpengine.dll
2011-06-22 20:01 . 2011-06-22 20:01 -------- d-----w- c:\program files\FileHippo update check
2011-06-22 17:50 . 2011-06-22 17:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-19 21:06 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-19 21:04 . 2011-04-30 03:01 758784 -c--a-w- c:\windows\system32\dllcache\vgx.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 15:55 . 2008-02-26 01:29 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-05-29 16:11 . 2008-07-23 01:52 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 16:11 . 2008-07-23 01:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 02:14 . 2009-10-02 20:13 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-02 15:31 . 2008-02-24 02:24 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DS Clock"="c:\program files\DS Clock\dsclock.exe" [2007-10-08 450560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"nwiz"="nwiz.exe" [2005-09-09 1519616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-09 7118848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-08 00:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 23:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 08:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2008-06-10 20:56 1442888 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-09-09 00:58 7118848 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-09-09 00:58 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 8:21 AM 468224]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 8:19 PM 13592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 1:16 PM 130384]
S2 gupdate1c9a34ae74d8758;Google Update Service (gupdate1c9a34ae74d8758);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 133104]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2008-09-20 9:13 AM 10240]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-08-04 5:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]
.
2011-06-01 c:\windows\Tasks\Auslogics Disk Defrag Sheduled Defragmentation.job
- c:\program files\Auslogics Disk Defrag\DiskDefrag.exe [2011-04-22 01:24]
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 19:44]
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 19:44]
.
2011-07-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - Ext: Gmail Manager: {582195F5-92E7-40a0-A127-DB71295901D7} - %profile%\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Nuke Anything Enhanced: {1ced4832-f06e-413f-aa14-9eb63ad40ace} - %profile%\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
FF - Ext: CuteMenus - Crystal SVG: {63df8e21-711c-4074-a257-b065cadc28d8} - %profile%\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
FF - Ext: deskCut: {9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA} - %profile%\extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}
FF - Ext: QuickNote: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9} - %profile%\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Tiny Menu: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904} - %profile%\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: MileWideBack: {dc0fa13c-3dae-73eb-e852-912722c852f9} - %profile%\extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: Fast Dial: [email protected] - %profile%\extensions\[email protected]
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: Gradient iCool: {de5809e0-2b07-11dd-bd0b-0800200c9a66} - %profile%\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-09 18:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1132)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2011-07-09 18:59:39
ComboFix-quarantined-files.txt 2011-07-10 01:59
.
Pre-Run: 49,386,516,480 bytes free
Post-Run: 49,497,288,704 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6186E5C63B4B64B24B5F456DE00C52F4
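As an added example (not code from the thread, from ComboFix or from its author), the Python script below pulls out of a ComboFix log the items a reviewer looks at before saying a log "looks clean": the AV:/FW: status lines, the Security Center override values, the Windows Firewall policy, globally opened ports and the HKLM Run entries, and it attaches the context that matters, for instance that EnableFirewall=0 and FirewallOverride=1 are expected when a third-party firewall such as the ESET one in the log above is registered. The sample input is a constructed excerpt in the shape of that log; the severity labels and the section names the script looks for are its own choices, not ComboFix's.

```python
"""Added example, not ComboFix code: pull the items a reviewer checks from a
ComboFix log (AV:/FW: status, Security Center overrides, firewall policy,
open ports, HKLM Run entries) and return findings with their context."""
import re
from typing import Dict, List, Tuple

# Constructed sample in the shape of the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
AV: ESET Smart Security 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"nwiz"="nwiz.exe" [2005-09-09 1519616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
STATUS_RE = re.compile(r"^(AV|FW):\s*(.+?)\s*\*([^*]+)\*")
# Section names are compared lower-cased because ComboFix mixes key casing.
SC_KEY = r"hkey_local_machine\software\microsoft\security center"
FWP_KEY = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"


def parse_sections(text: str) -> Tuple[Dict[str, Dict[str, str]], Dict[str, Tuple[str, str]]]:
    """Split the log into REGEDIT-style sections ({section: {name: raw value}})
    and collect the AV:/FW: header lines as {"AV"|"FW": (product, state)}."""
    sections: Dict[str, Dict[str, str]] = {}
    status: Dict[str, Tuple[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":  # ComboFix pads its output with lone dots
            continue
        m = STATUS_RE.match(line)
        if m:
            status[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2).strip()
    return sections, status


def dword(raw: str) -> int:
    """Parse the two renderings ComboFix uses: 'dword:00000001' and '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    return int(raw.split()[0])


def triage(text: str) -> List[Tuple[str, str]]:
    # Severity: 'warn' needs a closer look, 'check' needs a file lookup,
    # 'info' is the expected state on a PC running a third-party suite.
    sections, status = parse_sections(text)
    findings: List[Tuple[str, str]] = []
    av_name, av_state = status.get("AV", ("", ""))
    fw_name, fw_state = status.get("FW", ("", ""))
    third_party_fw = "enabled" in fw_state.lower()
    if "disabled" in av_state.lower():
        findings.append(("info", f"AV '{av_name}' reported {av_state}; confirm "
                                 "real-time protection is back on after the scan"))
    sc = sections.get(SC_KEY, {})
    for key, expected in (("AntiVirusOverride", bool(av_name)), ("FirewallOverride", third_party_fw)):
        if key in sc and dword(sc[key]) == 1:
            why = "third-party product registered" if expected else "no third-party product reported"
            findings.append(("info" if expected else "warn", f"Security Center {key}=1 ({why})"))
    fwp = sections.get(FWP_KEY, {})
    if "EnableFirewall" in fwp and dword(fwp["EnableFirewall"]) == 0:
        if third_party_fw:
            findings.append(("info", f"Windows Firewall off; '{fw_name}' is enabled in its place"))
        else:
            findings.append(("warn", "Windows Firewall off and no third-party firewall reported"))
    # Open-port value format: port:proto:scope:Enabled|Disabled:description
    for name, raw in sections.get(FWP_KEY + r"\globallyopenports\list", {}).items():
        parts = raw.split(":")
        state = parts[3] if len(parts) > 3 else "?"
        desc = parts[4] if len(parts) > 4 else ""
        findings.append(("warn" if state.lower() == "enabled" else "info",
                         f"Globally open port {name} is {state} ({desc})"))
    for name, raw in sections.get(RUN_KEY, {}).items():
        path = raw.split('"')[1] if raw.startswith('"') else raw.split()[0]
        if "\\" not in path:  # bare file name: locate it rather than assume system32
            findings.append(("check", f"Run entry '{name}' is a bare file name '{path}'"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

To use it on a real log, pass the saved file's text to triage(). A "warn" finding is a reason to keep digging; an "info" finding is the state the AV:/FW: header already accounts for, which is why the Windows Firewall being off in the log above is not by itself a problem.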

#6
gvnaz (Member, Topic Starter)
aswMBR Fix button is NOT enabled.
I went ahead and used the Avast scan option.

aswMBR
aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-09 19:35:19
-----------------------------
19:35:19.093 OS Version: Windows 5.1.2600 Service Pack 3
19:35:19.093 Number of processors: 1 586 0xD08
19:35:19.093 ComputerName: LAPPY UserName:
19:35:19.937 Initialize success
19:35:32.875 AVAST engine defs: 11070901
19:35:38.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:35:38.453 Disk 0 Vendor: FUJITSU_MHV2100AH 00000096 Size: 95396MB BusType: 3
19:35:40.468 Disk 0 MBR read successfully
19:35:40.468 Disk 0 MBR scan
19:35:40.468 Disk 0 Windows XP default MBR code
19:35:42.468 Disk 0 scanning sectors +195350400
19:35:42.500 Disk 0 scanning C:\WINDOWS\system32\drivers
19:36:13.421 Service scanning
19:36:14.484 Disk 0 trace - called modules:
19:36:14.515 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
19:36:14.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5b2ab8]
19:36:14.515 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a645d98]
19:36:15.234 AVAST engine scan C:\WINDOWS
20:27:06.937 AVAST engine scan C:\Documents and Settings\John Nolan
20:43:36.281 AVAST engine scan C:\Documents and Settings\All Users
20:48:33.718 Scan finished successfully
20:51:47.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\John Nolan\Desktop\MBR.dat"
20:51:47.968 The log file has been saved successfully to "C:\Documents and Settings\John Nolan\Desktop\aswMBR.txt"

#7
RKinner (Malware Expert, MVP)
Looks clean to me.

We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab. If you run its cleanup it will remove itself and any backup files of stuff it removed.

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You do not have the latest Java (Java™ 6 Update 26). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it.

Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 14 which is new enough that it may be removed automatically. If you use Firefox go into tools, Add-ons and make sure that CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA is not enabled. CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA is OK but 0014 should be disabled or uninstalled. Java seems to have a real problem removing the old consoles from Firefox. Having multiple Java consoles will make Firefox very sluggish and slow to start.


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/ and download and install anything it recommends. You should probably run it each week or so to make sure your programs are up to date.



If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

#8
gvnaz (Member, Topic Starter)
system restore... done
combofix... done
otl... done
hide system files... done
java... done (it found the update right after I installed the one you linked to but I hadn't restarted yet)
remove old java from firefox... done
PDF-XChange javascript off... done (same process as Adobe Reader and Foxit)
update checker... done
adblock plus has always been used
Speedy Fox is no longer at the link provided but i will find it
no P2P on this computer
good password on the wireless router
using WPA2 Personal encryption

everything looks good, thanks very much!

Oh, how do I get rid of aswMBR? It's not in the Add/Remove list.

#9
RKinner (Malware Expert, MVP)
The link to speedyfox has a dot at the end which it shouldn't have.
http://www.crystalidea.com/speedyfox

I think you can just delete aswMBR.

Ron

#10
gvnaz (Member, Topic Starter)
great, thanks!

#11
gvnaz (Member, Topic Starter)
Since this hasn't been closed yet I thought that I would add to it.

I just noticed that the automatic scan run by ESET last night again came up with infections. I'm worried that maybe there is some other underlying problem that wasn't seen. Or could this just be random chance that this computer picked something up again after it was cleaned?

here is the relevant part of the log files. 2 infections and 2 cleaned.
[Posted image: screenshot of the ESET scan log]

#12
RKinner (Malware Expert, MVP)
These files are in the cache for Java 6.14

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You should have removed Java 6.14 and updated to Java 6.26 by now. Older Java versions allow infected websites to put stuff on your PC.

Ron

#13
gvnaz (Member, Topic Starter)
I updated a few days ago following your instructions. Java Control Panel shows 'build 1.6.0_26-b03' in General -> About.
Just double checked and the only thing in Add/Remove is 6.26, no other Java or J2SE stuff. I guess it didn't clear out the cache when I updated.

#14
RKinner (Malware Expert, MVP)
Appears I was wrong. I looked at the equivalent folder on my PC and idiotic Java has a bunch of numbered folders - not just one for each version. I would clear the Java cache again. (See Post #2 for instructions)

The cache is where Java puts files it gets from websites you visit. Odds are that one of the sites has been compromised if these files are in truth malware and not a false positive. If that's the only place ESET finds bad files then I doubt they have been able to do what they wanted. Perhaps if you still had an older version of Java they would have been able to do some damage. Aren't you glad you removed the older versions and updated?

Ron

#15
gvnaz (Member, Topic Starter)
thanks again for the help!