
Redirect Virus


This topic is locked

#1 XeonFlare (Member, 34 posts)
So, I'm working on a work computer and they seem to have a virus that redirects. I'm not sure what information you'd need, but I'm going to attach a copy of the "Hijackthis log". Any help would be appreciated.

Log File:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:19:09 AM, on 13/07/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=veriton_x270
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=veriton_x270
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=veriton_x270
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25571
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Google Update] "C:\Users\Recept\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: sidebar - Shortcut.lnk = C:\Program Files\Windows Sidebar\sidebar.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6DB9CE7-E0B8-44C6-9363-D885F8FA4A10}: NameServer = 142.217.192.9,142.217.192.8
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe


#2 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
hi :)

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.


Step 1

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan, click "save log", save it to your desktop and post it in your next reply

Step 2

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Things I would like to see in your reply:
  • aswMBR log
  • OTL.txt and Extras.txt


#3 XeonFlare (Topic Starter, Member, 34 posts)
Dear Ali.B,

First off, I'd like to thank you for your response to my problem; I wouldn't be able to solve this on my own. So, here are the logs that you requested:

OTL.txt:

OTL logfile created on: 15/07/2011 11:28:24 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Recept\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 43.42% Memory free
3.74 Gb Paging File | 2.20 Gb Available in Paging File | 58.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.47 Gb Total Space | 19.58 Gb Free Space | 30.37% Space Free | Partition Type: NTFS
Drive D: | 64.44 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: RECEPT-PC | User Name: Recept | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/15 11:27:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Recept\Downloads\OTL.scr
PRC - [2011/04/24 08:34:11 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/11 20:11:14 | 000,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/08/19 06:26:00 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/12/05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/11/01 18:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/08/24 05:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/08/15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/08/03 23:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/07/24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/07/15 11:27:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Recept\Downloads\OTL.scr
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/03/11 20:11:16 | 000,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/03/11 20:11:14 | 000,210,216 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/01/09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/12/05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/11/07 09:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/08/24 05:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/08/15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/07/24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- -- (GEARAspiWDM)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/09/15 20:47:44 | 000,798,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2009/04/11 01:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2008/08/18 06:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/08/01 02:48:00 | 007,469,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/20 22:23:46 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/11/22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/11/22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/11/22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/11/17 07:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/07/13 10:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=veriton_x270
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=veriton_x270


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25500

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25500



IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=veriton_x270
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25571

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/07/14 22:43:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/31 15:59:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/31 15:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Recept\AppData\Roaming\Mozilla\Extensions
[2011/06/17 19:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Recept\AppData\Roaming\Mozilla\Firefox\Profiles\s8duc0vk.default\extensions
[2011/06/17 19:18:20 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Recept\AppData\Roaming\Mozilla\Firefox\Profiles\s8duc0vk.default\extensions\[email protected]
[2011/05/31 15:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/07/07 17:20:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 12:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 04:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 04:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/02/07 05:46:51 | 000,002,161 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.232.102.249 www.google.com
O1 - Hosts: 66.232.102.249 google.com
O1 - Hosts: 66.232.102.249 google.com.au
O1 - Hosts: 66.232.102.249 www.google.com.au
O1 - Hosts: 66.232.102.249 google.be
O1 - Hosts: 66.232.102.249 www.google.be
O1 - Hosts: 66.232.102.249 google.com.br
O1 - Hosts: 66.232.102.249 www.google.com.br
O1 - Hosts: 66.232.102.249 google.ca
O1 - Hosts: 66.232.102.249 www.google.ca
O1 - Hosts: 66.232.102.249 google.ch
O1 - Hosts: 66.232.102.249 www.google.ch
O1 - Hosts: 66.232.102.249 google.de
O1 - Hosts: 66.232.102.249 www.google.de
O1 - Hosts: 66.232.102.249 google.dk
O1 - Hosts: 66.232.102.249 www.google.dk
O1 - Hosts: 66.232.102.249 google.fr
O1 - Hosts: 66.232.102.249 www.google.fr
O1 - Hosts: 66.232.102.249 google.ie
O1 - Hosts: 66.232.102.249 www.google.ie
O1 - Hosts: 66.232.102.249 google.it
O1 - Hosts: 66.232.102.249 www.google.it
O1 - Hosts: 66.232.102.249 google.co.jp
O1 - Hosts: 24 more lines...
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [ChangeTPMAuth] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.217.192.8 24.212.0.7 142.217.192.9
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\lodge logo final.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\lodge logo final.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{33c6f8e6-3d97-11e0-b6d2-00251101e1df}\Shell\AutoRun\command - "" = I:\TranscendService(JF).exe
O33 - MountPoints2\{c257d3d0-1e24-11e0-aa5e-00251101e1df}\Shell\Auto\command - "" = H:\launcher.exe
O33 - MountPoints2\{c257d3d0-1e24-11e0-aa5e-00251101e1df}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\launcher.exe
O33 - MountPoints2\{cff1a2f5-e535-11df-836e-00251101e1df}\Shell - "" = AutoRun
O33 - MountPoints2\{cff1a2f5-e535-11df-836e-00251101e1df}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{e4da0171-7a66-11df-b010-00251101e1df}\Shell - "" = AutoRun
O33 - MountPoints2\{e4da0171-7a66-11df-b010-00251101e1df}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/14 17:17:43 | 000,000,000 | ---D | C] -- C:\Users\Recept\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2011/07/13 08:13:14 | 000,000,000 | R--D | C] -- C:\Users\Recept\Documents\Scanned Documents
[2011/07/13 08:13:14 | 000,000,000 | ---D | C] -- C:\Users\Recept\Documents\Fax
[2011/07/13 08:12:21 | 000,000,000 | ---D | C] -- C:\Users\Recept\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/13 08:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/13 07:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/09 10:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/07/09 10:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/07/03 15:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/07/03 15:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/06/21 16:02:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/06/21 16:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/06/21 15:52:02 | 000,000,000 | ---D | C] -- C:\Users\Recept\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/06/21 15:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/06/21 12:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gBurner
[2011/06/21 12:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\gBurner
[2009/01/20 09:21:34 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/07/15 11:25:31 | 000,315,392 | ---- | M] () -- C:\Users\Recept\Documents\Lunch Specials.pub
[2011/07/15 11:19:11 | 000,000,512 | ---- | M] () -- C:\Users\Recept\Documents\MBR.dat
[2011/07/15 11:17:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/15 11:17:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2011/07/14 22:34:47 | 000,000,183 | ---- | M] () -- C:\Windows\NetTalk.ini
[2011/07/14 18:03:34 | 000,002,585 | ---- | M] () -- C:\Users\Recept\Desktop\Microsoft Office Excel 2007.lnk
[2011/07/14 17:23:37 | 000,655,468 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/14 17:23:37 | 000,125,790 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/14 17:17:56 | 000,010,410 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/07/14 17:17:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/14 17:16:56 | 1878,192,128 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/14 03:22:41 | 000,376,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/13 16:18:24 | 001,875,968 | ---- | M] () -- C:\Users\Recept\Documents\Marketing Projects.accdb
[2011/07/13 08:25:33 | 000,000,680 | ---- | M] () -- C:\Users\Recept\AppData\Local\d3d9caps.dat
[2011/07/13 08:16:33 | 000,002,525 | ---- | M] () -- C:\Users\Recept\Desktop\HiJackThis.lnk
[2011/07/09 21:39:39 | 000,002,627 | ---- | M] () -- C:\Users\Recept\Desktop\Microsoft Office Word 2007.lnk
[2011/07/07 12:00:07 | 000,002,555 | ---- | M] () -- C:\Users\Recept\Desktop\Microsoft Office Publisher 2007.lnk
[2011/07/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2011/06/21 12:19:18 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\gBurner.lnk
[2011/06/21 12:17:23 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll

========== Files Created - No Company Name ==========

[2011/07/15 11:19:11 | 000,000,512 | ---- | C] () -- C:\Users\Recept\Documents\MBR.dat
[2011/07/13 09:32:44 | 1878,192,128 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/13 08:25:33 | 000,000,680 | ---- | C] () -- C:\Users\Recept\AppData\Local\d3d9caps.dat
[2011/07/13 08:12:21 | 000,002,525 | ---- | C] () -- C:\Users\Recept\Desktop\HiJackThis.lnk
[2011/06/21 12:19:18 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\gBurner.lnk
[2011/05/31 15:59:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/15 20:46:56 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2009/08/21 08:16:43 | 000,000,365 | ---- | C] () -- C:\Windows\mcc.ini
[2009/07/27 15:39:29 | 000,006,656 | ---- | C] () -- C:\Users\Recept\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/07 17:44:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/07 17:44:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/07 17:42:42 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/06/24 01:10:14 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2009/06/17 12:10:46 | 000,000,792 | ---- | C] () -- C:\Windows\Hotello.ini
[2009/05/26 22:33:12 | 000,000,183 | ---- | C] () -- C:\Windows\NetTalk.ini
[2009/05/25 16:31:30 | 000,000,117 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/05/25 16:29:10 | 002,777,088 | ---- | C] () -- C:\Windows\System32\qt222.dll
[2009/05/25 16:29:10 | 000,000,180 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/05/05 15:18:32 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2009/05/05 15:18:32 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2009/05/05 15:04:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/05 11:47:01 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/01/20 07:15:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009/01/20 07:15:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2009/01/20 06:59:13 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2007/11/15 00:57:00 | 000,013,312 | ---- | C] () -- C:\Windows\System32\KOBJUA_L.DLL
[2007/11/07 04:15:00 | 000,010,752 | ---- | C] () -- C:\Windows\System32\KOBJUJ_L.DLL
[2006/11/02 08:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:43 | 000,376,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,655,468 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,125,790 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll

========== LOP Check ==========

[2009/05/05 14:59:03 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\Acer
[2009/07/27 15:36:21 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\eSobi
[2009/05/05 14:58:57 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\Leadertech
[2011/05/27 11:24:07 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\Synthesia
[2011/03/12 19:37:47 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\uTorrent
[2009/05/05 14:59:02 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\Wave Systems Corp
[2011/07/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/07/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011/07/14 03:20:34 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 22:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 12:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 12:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 12:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 12:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 12:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 12:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/15 02:28:40 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/15 02:28:40 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/15 02:28:40 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/15 02:28:41 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/04/15 02:28:41 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 12:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 12:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 12:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 12:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 12:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 12:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/15 02:28:40 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/15 02:28:40 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/15 02:28:40 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/15 02:28:41 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/04/15 02:28:41 | 000,748,336 | ---- | M] (Microsoft Corporation)

< >

< End of report >

Extras.txt :
OTL Extras logfile created on: 15/07/2011 11:28:24 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Recept\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 43.42% Memory free
3.74 Gb Paging File | 2.20 Gb Available in Paging File | 58.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.47 Gb Total Space | 19.58 Gb Free Space | 30.37% Space Free | Partition Type: NTFS
Drive D: | 64.44 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: RECEPT-PC | User Name: Recept | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05054C90-5125-4D65-AE08-9BED0FB9C218}" = lport=3389 | protocol=6 | dir=in | app=system |
"{230D0C54-4732-4373-BE32-37AE64EAE9C7}" = lport=137 | protocol=17 | dir=in | app=system |
"{321AF97C-EC44-4F46-8EF4-FC6C2E69DA83}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{3EDD715D-05AE-4518-9B81-6638402DFCE7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4236FD02-57FD-44DE-A173-5313DA4D2535}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{58FD9791-1255-4D34-8C16-8F4802744BBC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{69A88978-783A-4954-A55F-71BAAE80BED0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6AAACB6A-1031-477E-BB2E-AF4F5268413A}" = rport=137 | protocol=17 | dir=out | app=system |
"{7AB46399-CC1D-44AE-B3D2-A27859321AA7}" = rport=445 | protocol=6 | dir=out | app=system |
"{7EF69A87-73F4-487B-A2DE-D486E192A47B}" = lport=139 | protocol=6 | dir=in | app=system |
"{A5D02E18-7209-4581-A424-7FB21AD8A8FA}" = rport=138 | protocol=17 | dir=out | app=system |
"{AAF520B9-E9F7-48E5-9029-4C3112555926}" = lport=445 | protocol=6 | dir=in | app=system |
"{AF0BB001-713A-4D88-BEF6-D3B95B7DC1D9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AF1DDDD8-DE68-41EE-B05D-8393D12970F3}" = lport=138 | protocol=17 | dir=in | app=system |
"{AFE63661-3DE6-4D7B-BCB3-157AF8EAA4F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C562E367-D489-4028-B4DC-DA9B10E61AF7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C5688FF3-CAA2-429B-941F-A9FE426C76F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D709472A-485B-46A2-9F5E-B9D795847022}" = rport=139 | protocol=6 | dir=out | app=system |
"{F87BFE36-48B5-490D-A22C-2F9FE01849EB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FA38E434-12D2-4870-AE39-695E9BA8F04D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14058C62-5537-47C1-8B6A-40B9EAABEC65}" = protocol=17 | dir=in | app=c:\programdata\2ae6b2\si2ae_289.exe |
"{4D00D76C-2F5C-42C3-B124-E529D501E46F}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{5B713E84-3081-4DC5-93D1-08DCE21713A8}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{5D2175F8-5181-4E6E-85E3-A520EBD76D77}" = protocol=6 | dir=in | app=c:\programdata\2ae6b2\si2ae_289.exe |
"{671BBF80-542A-4BDA-B1DA-FCA4E631F824}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{689558FD-CB6E-4712-B48F-CD9D1FC67314}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{6F1FADC7-3A79-4675-B6A1-98C107C5713D}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{7120991F-A97F-4101-9754-348B8D0F141C}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{7324280B-8C26-442F-90DB-E373D5A2C03A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{863F1E21-393F-4099-884D-51152DF4D164}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{9B0BA525-9918-472D-9A7D-31F5F0E3AE3C}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{A6C123E5-76F9-4E45-9931-A83A93C6BFD5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{C0ACF17E-3489-480B-9CFC-3BE79E3D07C2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{E13C3BFD-2D71-457D-9209-239A1544341D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EA242FE0-9895-430A-B690-54D85B91A72A}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 9.20
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Authorware Demo_is1" = Authorware Demo v1.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"gBurner" = gBurner
"Google Desktop" = Google Desktop
"Hotello" = Hotello
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"KONICA MINOLTA bizhub C35 Installer" = KONICA MINOLTA bizhub C35
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"PCFriendly" = PCFriendly
"PeerGuardian_is1" = PeerGuardian 2.0
"PROR" = Microsoft Office Professional 2007

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/09/2010 6:49:20 PM | Computer Name = Recept-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 03/09/2010 6:49:20 PM | Computer Name = Recept-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 03/09/2010 6:49:20 PM | Computer Name = Recept-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 03/09/2010 6:49:20 PM | Computer Name = Recept-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 03/09/2010 6:49:20 PM | Computer Name = Recept-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 03/09/2010 8:34:20 PM | Computer Name = Recept-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 03/09/2010 8:34:32 PM | Computer Name = Recept-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 03/09/2010 8:34:32 PM | Computer Name = Recept-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 03/09/2010 8:34:32 PM | Computer Name = Recept-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 03/09/2010 8:34:32 PM | Computer Name = Recept-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ OSession Events ]
Error - 23/10/2009 11:09:20 AM | Computer Name = Recept-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 209
seconds with 180 seconds of active time. This session ended with a crash.

Error - 23/02/2011 12:02:56 AM | Computer Name = Recept-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6546.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26678
seconds with 540 seconds of active time. This session ended with a crash.

Error - 16/06/2011 3:26:10 AM | Computer Name = Recept-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3921
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 17/06/2010 6:51:39 PM | Computer Name = Recept-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00251101E1DF. The following
error occurred: %%258. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 17/06/2010 6:56:50 PM | Computer Name = Recept-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00251101E1DF. The following
error occurred: %%258. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 17/06/2010 7:02:28 PM | Computer Name = Recept-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00251101E1DF. The following
error occurred: %%258. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 17/06/2010 7:07:50 PM | Computer Name = Recept-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00251101E1DF. The following
error occurred: %%258. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 17/06/2010 7:12:40 PM | Computer Name = Recept-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00251101E1DF. The following
error occurred: %%258. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 17/06/2010 7:17:23 PM | Computer Name = Recept-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00251101E1DF. The following
error occurred: %%258. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 17/06/2010 7:20:31 PM | Computer Name = Recept-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:19:16 PM on 17/06/2010 was unexpected.

Error - 27/06/2010 7:42:58 AM | Computer Name = Recept-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:42:47 AM on 27/06/2010 was unexpected.

Error - 27/06/2010 7:43:00 AM | Computer Name = Recept-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.33 for the Network Card with network
address 00251101E1DF has been denied by the DHCP server 192.168.0.2 (The DHCP Server
sent a DHCPNACK message).

Error - 04/07/2010 12:13:16 PM | Computer Name = Recept-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.32 on
the Network Card with network address 00251101E1DF.


< End of report >

aswMBR.txt:

aswMBR version 0.9.7.750 Copyright© 2011 AVAST Software
Run date: 2011-07-15 07:31:19
-----------------------------
07:31:19.756 OS Version: Windows 6.0.6002 Service Pack 2
07:31:19.756 Number of processors: 2 586 0x170A
07:31:19.756 ComputerName: RECEPT-PC UserName: Recept
07:31:21.316 Initialize success
07:37:19.092 AVAST engine defs: 11071500
07:37:29.793 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
07:37:29.793 Disk 0 Vendor: ST316081 4.AA Size: 152627MB BusType: 3
07:37:31.821 Disk 0 MBR read successfully
07:37:31.821 Disk 0 MBR scan
07:37:31.837 Disk 0 unknown MBR code
07:37:33.865 Disk 0 scanning sectors +312578048
07:37:33.927 Disk 0 scanning C:\Windows\system32\drivers
07:38:07.077 Service scanning
07:38:08.731 Disk 0 trace - called modules:
07:38:08.747 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
07:38:08.747 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84fe0620]
07:38:08.747 3 CLASSPNP.SYS[8760d8b3] -> nt!IofCallDriver -> [0x840c1568]
07:38:08.762 5 acpi.sys[806966bc] -> nt!IofCallDriver -> \Device\00000059[0x84a34030]
07:38:09.199 AVAST engine scan C:\Windows
09:18:48.420 AVAST engine scan C:\Users\Recept
09:52:13.758 AVAST engine scan C:\ProgramData
09:56:08.959 Scan finished successfully
11:19:11.661 Disk 0 MBR has been saved successfully to "C:\Users\Recept\Documents\MBR.dat"
11:19:11.727 The log file has been saved successfully to "C:\Users\Recept\Documents\aswMBR.txt"
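The aswMBR run above saved the boot sector to C:\Users\Recept\Documents\MBR.dat (512 bytes, as the later OTL log also shows) and reported "unknown MBR code". What a responder does with such a dump is check the 55 AA boot signature, read the partition table, and hash the boot code so it can be compared with a known-good copy taken from an identical clean machine. The script below is an added example in Python; it is not code from this thread or from the aswMBR tool. The file name on the command line, the baseline hash, and the sample MBR bytes it builds are all constructed for illustration.

```python
"""Parse a 512-byte MBR image (for example the MBR.dat that aswMBR saves)
and report what a responder checks first: the 55 AA boot signature, the
partition table, and a hash of the boot code for comparison with a
known-good copy.  Added example, not code from the thread or from the
aswMBR tool; the MBR bytes built by build_sample_mbr() are constructed."""
import hashlib
import struct
import sys

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # offsets 0..439 hold the boot code
DISK_SIG_OFFSET = 440         # 4-byte Windows disk signature
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
PART_ENTRY_LEN = 16
SIG_OFFSET = 510
BOOT_SIGNATURE = 0xAA55       # appears on disk as 55 AA (little-endian)
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sectors


def parse_partition_entry(raw: bytes) -> dict:
    """Decode one 16-byte partition table entry."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        PART_ENTRY_FMT, raw)
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(mbr: bytes) -> dict:
    """Return signature validity, disk signature, boot-code hash and partitions."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    (sig,) = struct.unpack_from("<H", mbr, SIG_OFFSET)
    (disk_sig,) = struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        entry = parse_partition_entry(mbr[off:off + PART_ENTRY_LEN])
        if entry["type"] != 0:           # type 0x00 marks an unused slot
            partitions.append(entry)
    return {
        "signature_ok": sig == BOOT_SIGNATURE,
        "disk_signature": disk_sig,
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def mbr_matches_baseline(mbr: bytes, baseline_sha256: str) -> bool:
    """True when the boot code hashes to the known-good value (assumed
    to have been collected from an identical clean machine)."""
    return parse_mbr(mbr)["boot_code_sha256"] == baseline_sha256


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a synthetic MBR (sample data): the given boot code, one
    bootable NTFS partition starting at LBA 2048, and a valid 55 AA signature."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFFSET, 0x1234ABCD)
    struct.pack_into(PART_ENTRY_FMT, mbr, PART_TABLE_OFFSET,
                     0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00",
                     2048, 125_829_120)   # 0x07 = NTFS, ~60 GiB of sectors
    struct.pack_into("<H", mbr, SIG_OFFSET, BOOT_SIGNATURE)
    return bytes(mbr)


if __name__ == "__main__":
    # Usage: python mbr_check.py MBR.dat [known-good-boot-code-sha256]
    data = open(sys.argv[1], "rb").read()
    info = parse_mbr(data)
    print(info)
    if len(sys.argv) > 2:
        print("matches baseline:", mbr_matches_baseline(data, sys.argv[2]))
```

A hash match against a baseline is the useful check here; a valid 55 AA signature alone says nothing, since tampered boot code keeps the signature so the machine still boots.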

#4
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25500
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25500
    IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25571
    O7 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
    O33 - MountPoints2\{33c6f8e6-3d97-11e0-b6d2-00251101e1df}\Shell\AutoRun\command - "" = I:\TranscendService(JF).exe
    O33 - MountPoints2\{c257d3d0-1e24-11e0-aa5e-00251101e1df}\Shell\Auto\command - "" = H:\launcher.exe
    O33 - MountPoints2\{c257d3d0-1e24-11e0-aa5e-00251101e1df}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\launcher.exe
    O33 - MountPoints2\{cff1a2f5-e535-11df-836e-00251101e1df}\Shell - "" = AutoRun
    O33 - MountPoints2\{cff1a2f5-e535-11df-836e-00251101e1df}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
    O33 - MountPoints2\{e4da0171-7a66-11df-b010-00251101e1df}\Shell - "" = AutoRun
    O33 - MountPoints2\{e4da0171-7a66-11df-b010-00251101e1df}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
    [2011/06/21 12:17:23 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll
    [2009/05/05 11:47:01 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2009/01/20 07:15:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
    [2009/01/20 07:15:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
    [2007/11/15 00:57:00 | 000,013,312 | ---- | C] () -- C:\Windows\System32\KOBJUA_L.DLL
    [2007/11/07 04:15:00 | 000,010,752 | ---- | C] () -- C:\Windows\System32\KOBJUJ_L.DLL
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Things I would like to see in your reply:
  • OTL log
  • MBAM log


#5
XeonFlare

    Member

  • Topic Starter
  • Member
  • 34 posts
Malware Bytes log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7111

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

15/07/2011 1:17:08 PM
mbam-log-2011-07-15 (13-17-08).txt

Scan type: Quick scan
Objects scanned: 151802
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL.txt:

OTL logfile created on: 15/07/2011 1:07:22 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Recept\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 55.75% Memory free
3.74 Gb Paging File | 2.94 Gb Available in Paging File | 78.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.47 Gb Total Space | 20.51 Gb Free Space | 31.81% Space Free | Partition Type: NTFS
Drive D: | 64.44 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: RECEPT-PC | User Name: Recept | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/15 11:27:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Recept\Downloads\OTL.scr
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/11 20:11:14 | 000,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/08/19 06:26:00 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/08/24 05:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/08/15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/08/03 23:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/07/24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/07/15 11:27:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Recept\Downloads\OTL.scr
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/03/11 20:11:16 | 000,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/03/11 20:11:14 | 000,210,216 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/01/09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/12/05 10:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/11/07 09:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/08/24 05:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/08/15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/07/24 13:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/09/15 20:47:44 | 000,798,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2009/04/11 01:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2008/08/18 06:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/08/01 02:48:00 | 007,469,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/20 22:23:46 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/11/22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/11/22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/11/22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/11/17 07:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/07/13 10:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=veriton_x270
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=veriton_x270


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25500

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25500



IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=veriton_x270
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25571

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/07/15 13:05:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/31 15:59:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/31 15:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Recept\AppData\Roaming\Mozilla\Extensions
[2011/06/17 19:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Recept\AppData\Roaming\Mozilla\Firefox\Profiles\s8duc0vk.default\extensions
[2011/06/17 19:18:20 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Recept\AppData\Roaming\Mozilla\Firefox\Profiles\s8duc0vk.default\extensions\[email protected]
[2011/05/31 15:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/07/07 17:20:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 12:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 04:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 04:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/02/07 05:46:51 | 000,002,161 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.232.102.249 www.google.com
O1 - Hosts: 66.232.102.249 google.com
O1 - Hosts: 66.232.102.249 google.com.au
O1 - Hosts: 66.232.102.249 www.google.com.au
O1 - Hosts: 66.232.102.249 google.be
O1 - Hosts: 66.232.102.249 www.google.be
O1 - Hosts: 66.232.102.249 google.com.br
O1 - Hosts: 66.232.102.249 www.google.com.br
O1 - Hosts: 66.232.102.249 google.ca
O1 - Hosts: 66.232.102.249 www.google.ca
O1 - Hosts: 66.232.102.249 google.ch
O1 - Hosts: 66.232.102.249 www.google.ch
O1 - Hosts: 66.232.102.249 google.de
O1 - Hosts: 66.232.102.249 www.google.de
O1 - Hosts: 66.232.102.249 google.dk
O1 - Hosts: 66.232.102.249 www.google.dk
O1 - Hosts: 66.232.102.249 google.fr
O1 - Hosts: 66.232.102.249 www.google.fr
O1 - Hosts: 66.232.102.249 google.ie
O1 - Hosts: 66.232.102.249 www.google.ie
O1 - Hosts: 66.232.102.249 google.it
O1 - Hosts: 66.232.102.249 www.google.it
O1 - Hosts: 66.232.102.249 google.co.jp
O1 - Hosts: 24 more lines...
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [ChangeTPMAuth] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.217.192.8 24.212.0.7 142.217.192.9
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\lodge logo final.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\lodge logo final.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{33c6f8e6-3d97-11e0-b6d2-00251101e1df}\Shell\AutoRun\command - "" = I:\TranscendService(JF).exe
O33 - MountPoints2\{c257d3d0-1e24-11e0-aa5e-00251101e1df}\Shell\Auto\command - "" = H:\launcher.exe
O33 - MountPoints2\{c257d3d0-1e24-11e0-aa5e-00251101e1df}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\launcher.exe
O33 - MountPoints2\{cff1a2f5-e535-11df-836e-00251101e1df}\Shell - "" = AutoRun
O33 - MountPoints2\{cff1a2f5-e535-11df-836e-00251101e1df}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{e4da0171-7a66-11df-b010-00251101e1df}\Shell - "" = AutoRun
O33 - MountPoints2\{e4da0171-7a66-11df-b010-00251101e1df}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/15 13:06:12 | 000,000,000 | ---D | C] -- C:\Users\Recept\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2011/07/15 13:04:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/13 08:13:14 | 000,000,000 | R--D | C] -- C:\Users\Recept\Documents\Scanned Documents
[2011/07/13 08:13:14 | 000,000,000 | ---D | C] -- C:\Users\Recept\Documents\Fax
[2011/07/13 08:12:21 | 000,000,000 | ---D | C] -- C:\Users\Recept\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/13 08:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/13 07:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/09 10:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/07/09 10:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/07/03 15:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/07/03 15:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/06/21 16:02:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/06/21 16:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/06/21 15:52:02 | 000,000,000 | ---D | C] -- C:\Users\Recept\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/06/21 15:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/06/21 12:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gBurner
[2011/06/21 12:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\gBurner
[2009/01/20 09:21:34 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/07/15 13:06:13 | 000,010,994 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/07/15 13:05:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/15 13:05:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/15 13:05:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/15 13:05:41 | 1878,220,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/15 11:25:31 | 000,315,392 | ---- | M] () -- C:\Users\Recept\Documents\Lunch Specials.pub
[2011/07/15 11:19:11 | 000,000,512 | ---- | M] () -- C:\Users\Recept\Documents\MBR.dat
[2011/07/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2011/07/14 22:34:47 | 000,000,183 | ---- | M] () -- C:\Windows\NetTalk.ini
[2011/07/14 18:03:34 | 000,002,585 | ---- | M] () -- C:\Users\Recept\Desktop\Microsoft Office Excel 2007.lnk
[2011/07/14 17:23:37 | 000,655,468 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/14 17:23:37 | 000,125,790 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/14 03:22:41 | 000,376,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/13 16:18:24 | 001,875,968 | ---- | M] () -- C:\Users\Recept\Documents\Marketing Projects.accdb
[2011/07/13 08:25:33 | 000,000,680 | ---- | M] () -- C:\Users\Recept\AppData\Local\d3d9caps.dat
[2011/07/13 08:16:33 | 000,002,525 | ---- | M] () -- C:\Users\Recept\Desktop\HiJackThis.lnk
[2011/07/09 21:39:39 | 000,002,627 | ---- | M] () -- C:\Users\Recept\Desktop\Microsoft Office Word 2007.lnk
[2011/07/07 12:00:07 | 000,002,555 | ---- | M] () -- C:\Users\Recept\Desktop\Microsoft Office Publisher 2007.lnk
[2011/07/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2011/06/21 12:19:18 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\gBurner.lnk
[2011/06/21 12:17:23 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll

========== Files Created - No Company Name ==========

[2011/07/15 11:19:11 | 000,000,512 | ---- | C] () -- C:\Users\Recept\Documents\MBR.dat
[2011/07/13 09:32:44 | 1878,220,800 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/13 08:25:33 | 000,000,680 | ---- | C] () -- C:\Users\Recept\AppData\Local\d3d9caps.dat
[2011/07/13 08:12:21 | 000,002,525 | ---- | C] () -- C:\Users\Recept\Desktop\HiJackThis.lnk
[2011/06/21 12:19:18 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\gBurner.lnk
[2011/05/31 15:59:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/15 20:46:56 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2009/08/21 08:16:43 | 000,000,365 | ---- | C] () -- C:\Windows\mcc.ini
[2009/07/27 15:39:29 | 000,006,656 | ---- | C] () -- C:\Users\Recept\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/07 17:44:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/07 17:44:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/07 17:42:42 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/06/24 01:10:14 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2009/06/17 12:10:46 | 000,000,792 | ---- | C] () -- C:\Windows\Hotello.ini
[2009/05/26 22:33:12 | 000,000,183 | ---- | C] () -- C:\Windows\NetTalk.ini
[2009/05/25 16:31:30 | 000,000,117 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/05/25 16:29:10 | 002,777,088 | ---- | C] () -- C:\Windows\System32\qt222.dll
[2009/05/25 16:29:10 | 000,000,180 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/05/05 15:18:32 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2009/05/05 15:18:32 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2009/05/05 15:04:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/05 11:47:01 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/01/20 07:15:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009/01/20 07:15:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2009/01/20 06:59:13 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2007/11/15 00:57:00 | 000,013,312 | ---- | C] () -- C:\Windows\System32\KOBJUA_L.DLL
[2007/11/07 04:15:00 | 000,010,752 | ---- | C] () -- C:\Windows\System32\KOBJUJ_L.DLL
[2006/11/02 08:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:43 | 000,376,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,655,468 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,125,790 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll

========== LOP Check ==========

[2009/05/05 14:59:03 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\Acer
[2009/07/27 15:36:21 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\eSobi
[2009/05/05 14:58:57 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\Leadertech
[2011/05/27 11:24:07 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\Synthesia
[2011/03/12 19:37:47 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\uTorrent
[2009/05/05 14:59:02 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\Wave Systems Corp
[2011/07/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/07/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011/07/15 13:04:51 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
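The OTL fix in ali.B's reply and the OTL log above between them show the redirect persistence on this machine: ProxyServer values routing Internet Explorer through a port on 127.0.0.1, O1 hosts entries pinning google.* names to a single non-loopback address, a DisallowRun policy in the user hive, and autorun commands under MountPoints2 for removable drives. The script below is an added example in Python, not code from this thread or from OTL: it scans OTL-format lines for those four indicators. The sample lines are constructed to mirror the format of the posted log; the SIDs and the O17 name servers in them are made up.

```python
"""Scan OTL-style log lines for the redirect indicators seen in this thread:
  * O1 hosts entries that point a name at a non-loopback address
  * IE "ProxyServer" values that route through a loopback port
  * O7 DisallowRun = 1 policy in a user hive
  * O33 MountPoints2 autorun commands for removable drives
Added example, not part of the thread or of OTL.  SAMPLE_LOG is constructed
to resemble the posted log; its SIDs and name servers are invented."""
import ipaddress
import re

SAMPLE_LOG = r"""IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25500
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.232.102.249 www.google.com
O1 - Hosts: 66.232.102.249 google.ca
O7 - HKU\S-1-5-21-1-2-3-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.0.2.8 192.0.2.9
O33 - MountPoints2\{c257d3d0-1e24-11e0-aa5e-00251101e1df}\Shell\AutoRun\command - "" = H:\launcher.exe
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
PROXY_RE = re.compile(r'^IE - (HKU\\[^\\]+)\\.*"ProxyServer" = (.+)$')
DISALLOW_RE = re.compile(r"^O7 - (HKU\\[^\\]+)\\.*DisallowRun = 1\b")
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\\w+\\command - "" = (.+)$')


def is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8 and ::1; False for anything unparseable."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def loopback_proxies(value: str) -> list:
    """Return (scheme, host, port) for each proxy entry that points at loopback.
    IE stores either 'host:port' or 'http=host:port;https=host:port'."""
    hits = []
    for item in value.split(";"):
        scheme, _, hostport = item.strip().rpartition("=")   # scheme may be empty
        host, sep, port = hostport.rpartition(":")
        host = host.strip("[]")                              # tolerate [::1]:port
        if sep and port.isdigit() and is_loopback(host):
            hits.append((scheme or "all", host, int(port)))
    return hits


def scan_otl(text: str) -> list:
    """Return one finding dict per matching line: kind, line number, detail."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.rstrip()
        m = HOSTS_RE.match(line)
        if m:
            addr, name = m.groups()
            if not is_loopback(addr):          # localhost lines are normal
                findings.append({"kind": "hosts_redirect", "line": lineno,
                                 "detail": f"{name} -> {addr}"})
            continue
        m = PROXY_RE.match(line)
        if m:
            hive, value = m.groups()
            for scheme, host, port in loopback_proxies(value):
                findings.append({"kind": "local_proxy", "line": lineno,
                                 "detail": f"{hive} {scheme} via {host}:{port}"})
            continue
        m = DISALLOW_RE.match(line)
        if m:
            findings.append({"kind": "disallow_run_policy", "line": lineno,
                             "detail": m.group(1)})
            continue
        m = MOUNT_RE.match(line)
        if m:
            guid, cmd = m.groups()
            findings.append({"kind": "removable_autorun", "line": lineno,
                             "detail": f"{guid} runs {cmd}"})
    return findings


if __name__ == "__main__":
    for f in scan_otl(SAMPLE_LOG):
        print(f"line {f['line']:>3}  {f['kind']:<20} {f['detail']}")
```

The scanner flags a stored loopback ProxyServer even when the neighbouring ProxyEnable value is 0, as it is in the posted log: a proxy on a high local port has no legitimate reason to persist, and turning it on again is a single registry write. For the hosts entries it only reports that a name is pinned to a non-loopback address; deciding what that address serves is a separate step.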

#6
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them: Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#7 XeonFlare (Topic Starter, Member, 34 posts)
ComboFix 11-07-15.02 - Recept 15/07/2011 14:35:53.1.2 - x86
Running from: c:\users\Recept\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\cid.drv
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\cid.exe
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\cid.sys
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\cid.tmp
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.tmp
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\ddv.exe
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\fan.tmp
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\FS.exe
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\FS.tmp
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\FW.sys
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\gid.dll
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\grid.dll
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\grid.exe
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\ppal.dll
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\ppal.drv
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\runddl.exe
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\runddl.tmp
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.exe
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.sys
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.tmp
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\sld.exe
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\sld.sys
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\sld.tmp
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\SM.exe
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\snl2w.drv
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\snl2w.sys
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\std.drv
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\Recept\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-06-15 to 2011-07-15 )))))))))))))))))))))))))))))))
.
.
2011-07-15 18:40 . 2011-07-15 18:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-15 18:28 . 2011-07-15 18:34 -------- d-----w- C:\32788R22FWJFW
2011-07-15 17:04 . 2011-07-15 17:04 -------- d-----w- C:\_OTL
2011-07-13 12:12 . 2011-07-13 12:12 388096 ----a-r- c:\users\Recept\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-13 12:12 . 2011-07-13 12:12 -------- d-----w- c:\program files\Trend Micro
2011-07-13 07:32 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 07:32 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 07:32 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-09 14:04 . 2011-07-09 14:04 -------- d-----w- c:\program files\7-Zip
2011-07-03 19:38 . 2011-07-03 19:38 -------- d-----w- c:\program files\Microsoft Silverlight
2011-06-28 23:17 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-21 20:02 . 2011-07-15 11:28 -------- dc----w- c:\windows\system32\DRVSTORE
2011-06-21 19:51 . 2011-07-15 11:28 -------- d-----w- c:\programdata\Norton
2011-06-21 16:19 . 2011-06-21 16:19 -------- d-----w- c:\program files\gBurner
2011-06-16 07:08 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-16 07:08 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-16 07:08 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-15 18:43 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 18:43 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 18:43 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 18:43 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 18:43 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 18:42 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 18:42 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 18:42 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 18:42 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 18:42 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-31 22:58 . 2011-05-31 22:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 13:11 . 2011-02-10 15:06 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-02-10 15:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-14 16:41 . 2011-05-31 19:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 6265376]
"Skytel"="Skytel.exe" [2008-08-19 1833504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 92704]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-06 30192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-10-06 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28u.sys [2009-09-16 798208]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9DB945AE-4204-CC0D-C461-4D01328CFD3B}]
2011-02-21 21:00 1169736 ----a-w- c:\windows\pis.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vz32&d=0509&m=veriton_x270
uInternet Settings,ProxyServer = http=127.0.0.1:25571
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 142.217.192.8 24.212.0.7 142.217.192.9
TCP: Interfaces\{D6DB9CE7-E0B8-44C6-9363-D885F8FA4A10}: NameServer = 142.217.192.9,142.217.192.8
FF - ProfilePath - c:\users\Recept\AppData\Roaming\Mozilla\Firefox\Profiles\s8duc0vk.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-ChangeTPMAuth - c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-15 14:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-07-15 14:42:48
ComboFix-quarantined-files.txt 2011-07-15 18:42
.
Pre-Run: 22,292,840,448 bytes free
Post-Run: 22,301,147,136 bytes free
.
- - End Of File - - 152C8CCB643CB004FFF921CD89B026A8
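When a user reports browser redirects, the lines a helper reads first in a ComboFix log are the ones under "Reg Loading Points" and "Supplementary Scan": an Internet Settings proxy pointing at the local machine (the log above shows `ProxyServer = http=127.0.0.1:25571`) is a well-known way traffic gets intercepted and redirected, a non-empty `AppInit_DLLs` value names a DLL loaded into user-mode processes, and an Active Setup "Installed Components" entry names a file run once per user at logon. The script below is an added example and is not ComboFix, OTL or Geeks to Go code: it pulls those three kinds of lines out of log text and lists them for review. The sample lines are copied from the log above; the rule names, the `Finding` type and the `triage` and `parse_proxy_value` helpers are this example's own, and it assumes the line formats exactly as ComboFix printed them in that log.

```python
"""Triage helper for ComboFix-style log lines (added example; not ComboFix,
OTL or Geeks to Go code). It reads the "Reg Loading Points" and
"Supplementary Scan" lines a helper looks at first when a user reports
browser redirects and reports three things worth a second look:

  * an Internet Settings proxy that points at the local machine
  * a non-empty AppInit_DLLs value (the DLL is loaded into user-mode processes)
  * an Active Setup "Installed Components" entry and the file it runs

Rule names, the Finding type and the sample text are this example's own;
the sample lines are copied from the log posted above.
"""
import ipaddress
import re
from dataclasses import dataclass

# ComboFix: "uInternet Settings,ProxyServer = http=127.0.0.1:25571"
# OTL:      '... Internet Settings: "ProxyServer" = http=127.0.0.1:25500'
PROXY_RE = re.compile(r'ProxyServer"?\s*=\s*(?P<value>\S+)', re.IGNORECASE)
# ComboFix REGEDIT4 form: "AppInit_DLLs"=c:\path\to\file.dll
APPINIT_RE = re.compile(r'"AppInit_DLLs"\s*=\s*(?P<value>.+)', re.IGNORECASE)
ACTIVE_SETUP_RE = re.compile(
    r'active setup\\installed components\\(?P<guid>\{[0-9A-F-]+\})', re.IGNORECASE)
# The component file follows on the next line: "<date> <time> <size> <attrs> <path>"
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>\S.*)$')


@dataclass
class Finding:
    rule: str
    evidence: str


def parse_proxy_value(value: str) -> dict:
    """Turn 'http=127.0.0.1:25571;https=10.0.0.1:8080' or a bare 'host:port'
    into {scheme: (host, port)}; a bare entry is recorded under 'all'."""
    proxies = {}
    for entry in value.split(';'):
        entry = entry.strip()
        if not entry:
            continue
        scheme, sep, hostport = entry.rpartition('=')
        if not sep:
            scheme = 'all'
        host, _, port = hostport.rpartition(':')
        if not host:          # no ':' present, so the whole entry is the host
            host, port = hostport, ''
        proxies[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return proxies


def is_loopback_host(host: str) -> bool:
    """True for 'localhost' and any loopback address (127.0.0.0/8, ::1)."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(lines) -> list:
    """Scan log lines and return the findings in the order they appear."""
    findings = []
    pending_guid = None   # Active Setup GUID whose file line is expected next
    for raw in lines:
        line = raw.strip()
        if line in ('', '.'):
            continue
        m = PROXY_RE.search(line)
        if m:
            for scheme, (host, port) in parse_proxy_value(m.group('value')).items():
                if is_loopback_host(host):
                    findings.append(Finding('loopback-proxy', f'{scheme} proxy -> {host}:{port}'))
            continue
        m = APPINIT_RE.search(line)
        if m and m.group('value').strip():
            findings.append(Finding('appinit-dll', m.group('value').strip()))
            continue
        m = ACTIVE_SETUP_RE.search(line)
        if m:
            pending_guid = m.group('guid')
            continue
        if pending_guid:
            m = FILE_RE.match(line)
            if m:
                findings.append(Finding('active-setup-component', f'{pending_guid} -> {m.group("path")}'))
            pending_guid = None
    return findings


# Sample input: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9DB945AE-4204-CC0D-C461-4D01328CFD3B}]
2011-02-21 21:00 1169736 ----a-w- c:\windows\pis.exe
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = http=127.0.0.1:25571
TCP: DhcpNameServer = 142.217.192.8 24.212.0.7 142.217.192.9
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f'[{f.rule}] {f.evidence}')
```

Run it as `python triage.py` to print the three findings from the sample lines. A hit is a lead to verify, not a verdict: Internet Explorer only uses `ProxyServer` while `ProxyEnable` is 1 (the OTL log later in this thread shows `ProxyEnable = 0` next to the same loopback values, so the setting is present but switched off), the `AppInit_DLLs` entry here belongs to Google Desktop, which is a legitimate product, and whether a file registered as an Active Setup component is legitimate has to be checked against its vendor and hash.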

#8 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces

Step 2

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Things I would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running


#9 XeonFlare (Topic Starter, Member, 34 posts)
So, after a fair amount of trying with the "ESET online scanner", it turns out that I still can't get the ActiveX control to install. I did some reading and they suggested that I may need to remove a registry entry; I did search but it didn't seem to be there. In terms of the computer, it is running much better and though I haven't done much 'surfing' with the computer, it seems that the redirects have stopped as well. I'll post the Malware Bytes log and perhaps you can recommend an alternative to ESET online scanner? From what you can see, do you think that there is still something to worry about?

Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7161

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

16/07/2011 9:28:35 AM
mbam-log-2011-07-16 (09-28-35).txt

Scan type: Quick scan
Objects scanned: 154932
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
hi

Could you try an alternative browser and try the ESET online scanner?

#11 XeonFlare (Topic Starter, Member, 34 posts)
Hi there,

Turns out it was a combination of the directx just being slow to prompt and my security settings. So, here's the log file:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=fcd4077b0229a449a790f35794d2872f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-17 08:51:47
# local_time=2011-07-17 04:51:47 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 73995 147541293 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=113725
# found=1
# cleaned=1
# scan_time=2116
C:\Users\Default\Pictures\hippologger.exe a variant of MSIL/Injector.DT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


It said that it had found a "MSIL/Injector.DT trojan" and had quarantined it.

#12 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#13 XeonFlare (Topic Starter, Member, 34 posts)
OTL logfile created on: 17/07/2011 5:14:39 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Recept\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 48.61% Memory free
3.74 Gb Paging File | 2.47 Gb Available in Paging File | 66.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.47 Gb Total Space | 20.26 Gb Free Space | 31.43% Space Free | Partition Type: NTFS
Drive D: | 64.44 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: RECEPT-PC | User Name: Recept | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/15 11:27:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Recept\Downloads\OTL.scr
PRC - [2010/05/21 10:05:16 | 000,256,000 | ---- | M] (Mingus Software Inc.) -- C:\Hotello\hotello.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/08/19 06:26:00 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/15 11:27:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Recept\Downloads\OTL.scr
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2009/09/15 20:47:44 | 000,798,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2009/04/11 01:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2008/08/18 06:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/08/01 02:48:00 | 007,469,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/20 22:23:46 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/17 07:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=veriton_x270


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25500

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25500



IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25571

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Recept\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Recept\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/17 15:06:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/31 15:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Recept\AppData\Roaming\Mozilla\Extensions
[2011/06/17 19:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Recept\AppData\Roaming\Mozilla\Firefox\Profiles\s8duc0vk.default\extensions
[2011/06/17 19:18:20 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Recept\AppData\Roaming\Mozilla\Firefox\Profiles\s8duc0vk.default\extensions\[email protected]
[2011/05/31 15:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/07/07 17:20:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/07/17 15:06:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 04:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 04:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/15 14:40:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\..Trusted Domains: eset.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\..Trusted Domains: eset.eu ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.217.192.8 24.212.0.7 142.217.192.9
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\lodge logo final.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\lodge logo final.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/17 16:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/17 15:50:19 | 000,000,000 | ---D | C] -- C:\Users\Recept\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/07/17 15:48:07 | 000,000,000 | ---D | C] -- C:\Users\Recept\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2011/07/15 14:42:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/15 14:42:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/15 14:34:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/07/15 14:29:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/15 14:29:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/15 14:29:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/15 14:29:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/15 14:28:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/15 14:28:39 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/07/15 13:20:43 | 000,000,000 | ---D | C] -- C:\Users\Recept\Desktop\logs
[2011/07/15 13:04:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/13 08:13:14 | 000,000,000 | R--D | C] -- C:\Users\Recept\Documents\Scanned Documents
[2011/07/13 08:13:14 | 000,000,000 | ---D | C] -- C:\Users\Recept\Documents\Fax
[2011/07/13 08:12:21 | 000,000,000 | ---D | C] -- C:\Users\Recept\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/13 08:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/13 07:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/09 10:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/07/09 10:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/07/03 15:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/07/03 15:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/06/21 16:02:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/06/21 16:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/06/21 15:52:02 | 000,000,000 | ---D | C] -- C:\Users\Recept\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/06/21 15:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/06/21 12:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gBurner
[2011/06/21 12:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\gBurner
[2009/01/20 09:21:34 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/07/17 16:54:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3765419855-2153082231-1171531826-1003UA.job
[2011/07/17 15:54:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3765419855-2153082231-1171531826-1003Core.job
[2011/07/17 15:53:10 | 000,655,468 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/17 15:53:10 | 000,125,790 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/17 15:50:20 | 000,002,090 | ---- | M] () -- C:\Users\Recept\Desktop\Google Chrome.lnk
[2011/07/17 15:50:20 | 000,002,052 | ---- | M] () -- C:\Users\Recept\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/17 15:47:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/17 15:47:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/17 15:47:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/17 15:47:43 | 1878,233,088 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/16 22:53:18 | 000,000,183 | ---- | M] () -- C:\Windows\NetTalk.ini
[2011/07/16 16:15:56 | 000,315,392 | ---- | M] () -- C:\Users\Recept\Documents\Lunch Specials.pub
[2011/07/16 09:32:28 | 000,002,555 | ---- | M] () -- C:\Users\Recept\Desktop\Microsoft Office Publisher 2007.lnk
[2011/07/15 14:40:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/07/15 11:19:11 | 000,000,512 | ---- | M] () -- C:\Users\Recept\Documents\MBR.dat
[2011/07/14 18:03:34 | 000,002,585 | ---- | M] () -- C:\Users\Recept\Desktop\Microsoft Office Excel 2007.lnk
[2011/07/14 03:22:41 | 000,376,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/13 16:18:24 | 001,875,968 | ---- | M] () -- C:\Users\Recept\Documents\Marketing Projects.accdb
[2011/07/13 08:25:33 | 000,000,680 | ---- | M] () -- C:\Users\Recept\AppData\Local\d3d9caps.dat
[2011/07/13 08:16:33 | 000,002,525 | ---- | M] () -- C:\Users\Recept\Desktop\HiJackThis.lnk
[2011/07/09 21:39:39 | 000,002,627 | ---- | M] () -- C:\Users\Recept\Desktop\Microsoft Office Word 2007.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/21 12:19:18 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\gBurner.lnk
[2011/06/21 12:17:23 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll

========== Files Created - No Company Name ==========

[2011/07/17 15:50:20 | 000,002,090 | ---- | C] () -- C:\Users\Recept\Desktop\Google Chrome.lnk
[2011/07/17 15:50:20 | 000,002,052 | ---- | C] () -- C:\Users\Recept\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/17 15:49:40 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3765419855-2153082231-1171531826-1003UA.job
[2011/07/17 15:49:40 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3765419855-2153082231-1171531826-1003Core.job
[2011/07/15 14:29:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/15 14:29:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/15 14:29:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/15 14:29:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/15 14:29:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/15 11:19:11 | 000,000,512 | ---- | C] () -- C:\Users\Recept\Documents\MBR.dat
[2011/07/13 09:32:44 | 1878,233,088 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/13 08:25:33 | 000,000,680 | ---- | C] () -- C:\Users\Recept\AppData\Local\d3d9caps.dat
[2011/07/13 08:12:21 | 000,002,525 | ---- | C] () -- C:\Users\Recept\Desktop\HiJackThis.lnk
[2011/06/21 12:19:18 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\gBurner.lnk
[2011/05/31 15:59:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/15 20:46:56 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2009/08/21 08:16:43 | 000,000,365 | ---- | C] () -- C:\Windows\mcc.ini
[2009/07/27 15:39:29 | 000,006,656 | ---- | C] () -- C:\Users\Recept\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/07 17:44:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/07 17:44:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/07 17:42:42 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/06/24 01:10:14 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2009/06/17 12:10:46 | 000,000,792 | ---- | C] () -- C:\Windows\Hotello.ini
[2009/05/26 22:33:12 | 000,000,183 | ---- | C] () -- C:\Windows\NetTalk.ini
[2009/05/25 16:31:30 | 000,000,117 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/05/25 16:29:10 | 002,777,088 | ---- | C] () -- C:\Windows\System32\qt222.dll
[2009/05/25 16:29:10 | 000,000,180 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/05/05 15:18:32 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2009/05/05 15:18:32 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2009/05/05 15:04:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/05 11:47:01 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/01/20 07:15:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009/01/20 07:15:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2009/01/20 06:59:13 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2007/11/15 00:57:00 | 000,013,312 | ---- | C] () -- C:\Windows\System32\KOBJUA_L.DLL
[2007/11/07 04:15:00 | 000,010,752 | ---- | C] () -- C:\Windows\System32\KOBJUJ_L.DLL
[2006/11/02 08:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:43 | 000,376,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,655,468 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,125,790 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll

========== LOP Check ==========

[2009/05/05 14:59:03 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\Acer
[2009/07/27 15:36:21 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\eSobi
[2009/05/05 14:58:57 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\Leadertech
[2011/05/27 11:24:07 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\Synthesia
[2011/03/12 19:37:47 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\uTorrent
[2009/05/05 14:59:02 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\Wave Systems Corp
[2011/07/17 15:47:02 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#14 ali.B - Trusted Helper (Malware Removal, 3,086 posts)
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25500
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25500
    IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25571
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

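Added example, not part of this thread and not OTL's own code: a small Python triage helper that parses the `IE - HKU\...\Internet Settings` lines of an OTL log, flags any ProxyServer value pointing at the loopback interface (the three entries the fix above removes), records whether ProxyEnable is set for that hive, and reproduces the matching `:OTL` fix block. The sample input is constructed from the log in this thread plus one hypothetical hive (`S-1-5-21-999`, `proxy.example.internal`) to show that a non-loopback proxy is left alone.

```python
"""Triage helper for the Internet Explorer proxy lines of an OTL log.

Added example (not from the forum thread or the OTL tool). It reads the
"ProxyServer"/"ProxyEnable" lines OTL prints per registry hive, flags
proxies on the loopback interface and emits the matching :OTL fix block.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the IE lines from the log in this thread, plus a
# hypothetical fourth hive with a normal corporate proxy that must NOT be flagged.
SAMPLE_OTL_LINES = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=veriton_x270
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25500
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25500
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25571
IE - HKU\S-1-5-21-999\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-999\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.internal:8080
"""

# One OTL "IE -" line for the Internet Settings key; OTL mixes the case of "Software".
LINE_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+|HKLM|HKCU)\\Software\\Microsoft\\Windows'
    r'\\CurrentVersion\\Internet Settings: "(?P<name>ProxyServer|ProxyEnable)" = (?P<value>.*)$',
    re.IGNORECASE,
)


def is_loopback(host: str) -> bool:
    """True for any address that resolves to the local machine itself."""
    return host in ("localhost", "::1") or host.startswith("127.")


def parse_proxy_server(value: str) -> List[Tuple[str, str, int]]:
    """Split a ProxyServer value ("http=a:1;https=b:2" or "host:port") into
    (scheme, host, port) tuples; scheme "*" means the entry applies to all protocols."""
    endpoints = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "*", scheme
        host, _, port = hostport.rpartition(":")
        if not host:  # no port given at all
            host, port = hostport, ""
        host = host.strip("[]")  # bracketed IPv6 literal
        endpoints.append((scheme.lower(), host.lower(), int(port) if port.isdigit() else 0))
    return endpoints


@dataclass
class HiveProxy:
    hive: str
    proxy_enable: Optional[int] = None
    proxy_server_raw: Optional[str] = None
    raw_line: Optional[str] = None  # exact OTL line, reused verbatim in the fix
    endpoints: List[Tuple[str, str, int]] = field(default_factory=list)

    @property
    def loopback(self) -> bool:
        return any(is_loopback(host) for _, host, _ in self.endpoints)

    @property
    def verdict(self) -> str:
        # In the thread's log ProxyEnable is 0 everywhere, so the loopback
        # proxies are configured but not currently in use: still worth removing.
        if not self.loopback:
            return "ok"
        return "active-loopback-proxy" if self.proxy_enable == 1 else "dormant-loopback-proxy"


def parse_otl(text: str) -> Dict[str, HiveProxy]:
    """Collect ProxyEnable/ProxyServer per hive, in the order OTL listed them."""
    hives: Dict[str, HiveProxy] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entry = hives.setdefault(m["hive"], HiveProxy(hive=m["hive"]))
        if m["name"].lower() == "proxyenable":
            entry.proxy_enable = int(m["value"].strip() or 0)
        else:
            entry.proxy_server_raw = m["value"].strip()
            entry.raw_line = line.strip()
            entry.endpoints = parse_proxy_server(entry.proxy_server_raw)
    return hives


def build_otl_fix(hives: Dict[str, HiveProxy]) -> str:
    """Reproduce the fix format used in the thread: offending lines verbatim
    under :OTL, followed by the cleanup commands. Empty string if nothing to fix."""
    bad = [h.raw_line for h in hives.values() if h.loopback and h.raw_line]
    if not bad:
        return ""
    return "\n".join([":OTL", *bad, "", ":Commands", "[purity]", "[emptytemp]", "[Reboot]"])


if __name__ == "__main__":
    findings = parse_otl(SAMPLE_OTL_LINES)
    for h in findings.values():
        print(f"{h.hive}: enable={h.proxy_enable} server={h.proxy_server_raw} -> {h.verdict}")
    print()
    print(build_otl_fix(findings))
```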

#15 XeonFlare - Member (Topic Starter, 34 posts)
OTL logfile created on: 17/07/2011 5:38:36 PM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Recept\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 59.28% Memory free
3.74 Gb Paging File | 2.99 Gb Available in Paging File | 80.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.47 Gb Total Space | 20.26 Gb Free Space | 31.43% Space Free | Partition Type: NTFS
Drive D: | 64.44 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: RECEPT-PC | User Name: Recept | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/15 11:27:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Recept\Downloads\OTL.scr
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/19 06:26:00 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/15 11:27:22 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Recept\Downloads\OTL.scr
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2009/09/15 20:47:44 | 000,798,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2009/04/11 01:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2008/08/18 06:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/08/01 02:48:00 | 007,469,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/20 22:23:46 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/17 07:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=veriton_x270


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25500

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25500



IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25571

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Recept\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Recept\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/17 15:06:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/31 15:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Recept\AppData\Roaming\Mozilla\Extensions
[2011/06/17 19:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Recept\AppData\Roaming\Mozilla\Firefox\Profiles\s8duc0vk.default\extensions
[2011/06/17 19:18:20 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Recept\AppData\Roaming\Mozilla\Firefox\Profiles\s8duc0vk.default\extensions\[email protected]
[2011/05/31 15:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/07/07 17:20:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/07/17 15:06:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 04:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 04:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/15 14:40:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\..Trusted Domains: eset.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\..Trusted Domains: eset.eu ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3765419855-2153082231-1171531826-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.217.192.8 24.212.0.7 142.217.192.9
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\lodge logo final.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\lodge logo final.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/17 17:37:41 | 000,000,000 | ---D | C] -- C:\Users\Recept\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2011/07/17 16:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/17 15:50:19 | 000,000,000 | ---D | C] -- C:\Users\Recept\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/07/15 14:42:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/15 14:42:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/15 14:34:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/07/15 14:29:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/15 14:29:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/15 14:29:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/15 14:29:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/15 14:28:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/15 14:28:39 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/07/15 13:20:43 | 000,000,000 | ---D | C] -- C:\Users\Recept\Desktop\logs
[2011/07/15 13:04:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/13 08:13:14 | 000,000,000 | R--D | C] -- C:\Users\Recept\Documents\Scanned Documents
[2011/07/13 08:13:14 | 000,000,000 | ---D | C] -- C:\Users\Recept\Documents\Fax
[2011/07/13 08:12:21 | 000,000,000 | ---D | C] -- C:\Users\Recept\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/13 08:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/13 07:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/09 10:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/07/09 10:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/07/03 15:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/07/03 15:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/06/21 16:02:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/06/21 16:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/06/21 15:52:02 | 000,000,000 | ---D | C] -- C:\Users\Recept\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/06/21 15:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/06/21 12:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gBurner
[2011/06/21 12:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\gBurner
[2009/01/20 09:21:34 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/07/17 17:37:23 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/17 17:37:23 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/17 17:37:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/17 17:37:16 | 1878,200,320 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/17 16:54:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3765419855-2153082231-1171531826-1003UA.job
[2011/07/17 15:54:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3765419855-2153082231-1171531826-1003Core.job
[2011/07/17 15:53:10 | 000,655,468 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/17 15:53:10 | 000,125,790 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/17 15:50:20 | 000,002,090 | ---- | M] () -- C:\Users\Recept\Desktop\Google Chrome.lnk
[2011/07/17 15:50:20 | 000,002,052 | ---- | M] () -- C:\Users\Recept\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/16 22:53:18 | 000,000,183 | ---- | M] () -- C:\Windows\NetTalk.ini
[2011/07/16 16:15:56 | 000,315,392 | ---- | M] () -- C:\Users\Recept\Documents\Lunch Specials.pub
[2011/07/16 09:32:28 | 000,002,555 | ---- | M] () -- C:\Users\Recept\Desktop\Microsoft Office Publisher 2007.lnk
[2011/07/15 14:40:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/07/15 11:19:11 | 000,000,512 | ---- | M] () -- C:\Users\Recept\Documents\MBR.dat
[2011/07/14 18:03:34 | 000,002,585 | ---- | M] () -- C:\Users\Recept\Desktop\Microsoft Office Excel 2007.lnk
[2011/07/14 03:22:41 | 000,376,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/13 16:18:24 | 001,875,968 | ---- | M] () -- C:\Users\Recept\Documents\Marketing Projects.accdb
[2011/07/13 08:25:33 | 000,000,680 | ---- | M] () -- C:\Users\Recept\AppData\Local\d3d9caps.dat
[2011/07/13 08:16:33 | 000,002,525 | ---- | M] () -- C:\Users\Recept\Desktop\HiJackThis.lnk
[2011/07/09 21:39:39 | 000,002,627 | ---- | M] () -- C:\Users\Recept\Desktop\Microsoft Office Word 2007.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/21 12:19:18 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\gBurner.lnk
[2011/06/21 12:17:23 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll

========== Files Created - No Company Name ==========

[2011/07/17 15:50:20 | 000,002,090 | ---- | C] () -- C:\Users\Recept\Desktop\Google Chrome.lnk
[2011/07/17 15:50:20 | 000,002,052 | ---- | C] () -- C:\Users\Recept\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/17 15:49:40 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3765419855-2153082231-1171531826-1003UA.job
[2011/07/17 15:49:40 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3765419855-2153082231-1171531826-1003Core.job
[2011/07/15 14:29:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/15 14:29:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/15 14:29:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/15 14:29:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/15 14:29:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/15 11:19:11 | 000,000,512 | ---- | C] () -- C:\Users\Recept\Documents\MBR.dat
[2011/07/13 09:32:44 | 1878,200,320 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/13 08:25:33 | 000,000,680 | ---- | C] () -- C:\Users\Recept\AppData\Local\d3d9caps.dat
[2011/07/13 08:12:21 | 000,002,525 | ---- | C] () -- C:\Users\Recept\Desktop\HiJackThis.lnk
[2011/06/21 12:19:18 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\gBurner.lnk
[2011/05/31 15:59:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/15 20:46:56 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2009/08/21 08:16:43 | 000,000,365 | ---- | C] () -- C:\Windows\mcc.ini
[2009/07/27 15:39:29 | 000,006,656 | ---- | C] () -- C:\Users\Recept\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/07 17:44:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/07 17:44:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/07 17:42:42 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/06/24 01:10:14 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2009/06/17 12:10:46 | 000,000,792 | ---- | C] () -- C:\Windows\Hotello.ini
[2009/05/26 22:33:12 | 000,000,183 | ---- | C] () -- C:\Windows\NetTalk.ini
[2009/05/25 16:31:30 | 000,000,117 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/05/25 16:29:10 | 002,777,088 | ---- | C] () -- C:\Windows\System32\qt222.dll
[2009/05/25 16:29:10 | 000,000,180 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/05/05 15:18:32 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2009/05/05 15:18:32 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2009/05/05 15:04:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/05 11:47:01 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/01/20 07:15:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009/01/20 07:15:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2009/01/20 06:59:13 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2007/11/15 00:57:00 | 000,013,312 | ---- | C] () -- C:\Windows\System32\KOBJUA_L.DLL
[2007/11/07 04:15:00 | 000,010,752 | ---- | C] () -- C:\Windows\System32\KOBJUJ_L.DLL
[2006/11/02 08:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:43 | 000,376,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,655,468 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,125,790 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll

========== LOP Check ==========

[2009/05/05 14:59:03 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\Acer
[2009/07/27 15:36:21 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\eSobi
[2009/05/05 14:58:57 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\Leadertech
[2011/05/27 11:24:07 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\Synthesia
[2011/03/12 19:37:47 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\uTorrent
[2009/05/05 14:59:02 | 000,000,000 | ---D | M] -- C:\Users\Recept\AppData\Roaming\Wave Systems Corp
[2011/07/17 17:36:29 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >