XP Internet Security 2012

#1 butterrice (Member)

I have an Acer TravelMate 2480 running Windows XP with Avast antivirus. This morning I received a pop-up from XP Internet Security advising my computer had multiple Trojans and wanting me to register. It seems to have shut down my antivirus and hijacked my PC. Right now my PC is off and I have not run any scans because the virus won't let me into legitimate programs. Thank you in advance for your help.

#2 ali.B (Trusted Helper, Malware Removal)

Hello :)

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.


Step 1

Please download Rogue Kill from here

Double-click on rkill.com to run it. You may need to run this program a few times to stop the malware process running. The malware will probably complain about being stopped but please ignore this. Do not reboot your computer after running rkill as the malware programs will start again.

Step 2

Please download OTH.scr to your desktop
Please download OTL to your Desktop
Please download the attached Scan.txt to your desktop

Double-click the OTH file and select Kill All Processes; your desktop will go blank.
Then select Start OTL
OTL will now run

  • Double-click on the Custom Scans box and a message box will pop up asking if you want to load a custom scan from a file.
    Select Scan.txt that you downloaded.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

#3 butterrice (Topic Starter)

It's not allowing me to access the website. It blocks everything and my Avast is going nuts.

#4 butterrice (Topic Starter)

It redirects any site I try to access to an Internet Explorer alert stating the site I want to visit poses a security threat. I can't even get in when in safe mode. It's there too.

#5 butterrice (Topic Starter)

I got in... had to fight it, but I got in... Will post all you told me.

#6 butterrice (Topic Starter)

I do not see the Scan.txt attachment... can you point me in the right direction?

#7 ali.B (Trusted Helper, Malware Removal)

Ignore that; proceed with the Quick Scan.

#8 butterrice (Topic Starter)

OK, not sure what is going on here. But the logs you wanted didn't pop up. Now the browser is white, and a jyg.exe error pops up. The rogue program continues to be a nuisance and Avast is still popping up errors.

#9 ali.B (Trusted Helper, Malware Removal)

Hi

Download the attached Scan.txt file and put it on a USB.

  • Download OTLPEStd.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note: as you are running from CD, it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Copy the contents of the attached scan.txt into the Custom scans and fixes box
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

Attached file: Scan.txt (324 bytes)
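
Once C:\OTL.txt is in hand, the lines worth reading first for a rogue "antivirus" like this one are the per-user IE proxy settings, the O4 Run entries and the O20 Winlogon Shell values: a proxy pointing at 127.0.0.1 means a local process is answering every browser request (which is consistent with every site "redirecting" to a security alert), a Run entry launching an unsigned binary from Application Data or Local Settings is the usual persistence, and a Shell value other than explorer.exe replaces the desktop at logon. The script below is an added example for this thread, not OTL's own code and not part of any post. It parses those three OTL line formats and flags that footprint; the sample lines are copied from the OTL log posted later in this thread (post #13), with a few benign entries kept for contrast, and the scoring rules are this example's own choices.

```python
"""Triage OTL log lines for the footprint a rogue "antivirus" usually leaves:
a loopback HTTP proxy that intercepts every browser request, a Run entry that
launches an unsigned binary from the user profile, and a Winlogon Shell value
other than explorer.exe.

Added example for this thread: not OTL's own code and not part of any post.
The three line formats parsed are the IE proxy, O4 and O20 lines as OTL
prints them; the scoring rules are this example's own choices.
"""
import re
from pathlib import PureWindowsPath

# Sample input: lines copied from the OTL log posted in this thread, with the
# benign avast, Lexmark, HKLM and LocalService entries kept for contrast.
SAMPLE_LOG = [
    r'IE - HKU\Bea_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKU\Bea_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:65111',
    r'IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)',
    r'O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()',
    r'O4 - HKU\Bea_ON_C..\Run: [927701647] C:\Documents and Settings\Bea\Local Settings\Application Data\jyg.exe ()',
    r'O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)',
    r'O20 - HKU\Bea_ON_C Winlogon: Shell - (C:\Documents and Settings\Bea\Application Data\dwm.exe) - File not found',
]

PROXY_ENABLE_RE = re.compile(r'^IE - (?P<hive>HKLM|HKU\\[^\\]+)\\.*"ProxyEnable" = (?P<value>\d+)$')
PROXY_SERVER_RE = re.compile(r'^IE - (?P<hive>HKLM|HKU\\[^\\]+)\\.*"ProxyServer" = (?P<value>.+)$')
RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKU\\.+?)\.\.\\(?P<key>Run\w*): '
                    r'\[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$')
SHELL_RE = re.compile(r'^O20 - (?P<hive>HKLM|HKU\\\S+) Winlogon: Shell - '
                      r'\((?P<value>[^)]*)\) - (?P<resolved>.+)$')
LOOPBACK_RE = re.compile(r'127\.0\.0\.1|localhost', re.IGNORECASE)

# Directories any user can write to; a Run entry pointing here is the classic
# rogue-AV drop location.
PROFILE_DIRS = {"application data", "local settings", "appdata", "temp"}


def in_user_profile(path):
    """True when the binary sits in a user-writable profile directory."""
    return bool(PROFILE_DIRS & {part.lower() for part in PureWindowsPath(path).parts})


def finding(kind, hive, detail, reasons):
    return {"kind": kind, "hive": hive, "detail": detail, "reasons": reasons}


def triage(lines):
    """Return findings (kind, hive, detail, reasons) for suspicious OTL lines."""
    lines = [ln.rstrip("\r\n") for ln in lines]

    # First pass: which hives actually have the proxy switched on.
    proxy_enabled = {}
    for ln in lines:
        if m := PROXY_ENABLE_RE.match(ln):
            proxy_enabled[m["hive"]] = m["value"] == "1"

    findings = []
    for ln in lines:
        if m := PROXY_SERVER_RE.match(ln):
            if LOOPBACK_RE.search(m["value"]):
                reasons = ["browser proxy points at this machine, so a local process sees every request"]
                if proxy_enabled.get(m["hive"]):
                    reasons.append('"ProxyEnable" = 1 in the same hive, so the proxy is live')
                findings.append(finding("proxy", m["hive"], m["value"], reasons))
        elif m := RUN_RE.match(ln):
            reasons = []
            if in_user_profile(m["path"]):
                reasons.append("launched from a user-writable profile directory")
            if m["name"].isdigit():
                reasons.append("value name is a bare number")
            if not m["company"].strip():
                reasons.append("binary carries no publisher name")
            # One weak signal alone (a printer tool without a publisher) is
            # normal; a profile-directory launch or two signals together is not.
            if in_user_profile(m["path"]) or len(reasons) >= 2:
                findings.append(finding("run", m["hive"], m["path"], reasons))
        elif m := SHELL_RE.match(ln):
            if PureWindowsPath(m["value"]).name.lower() != "explorer.exe":
                reasons = ["Winlogon Shell replaced: this runs instead of the desktop at logon"]
                if m["resolved"].strip().lower() == "file not found":
                    reasons.append("the file is gone but the registry value still needs removing")
                findings.append(finding("shell", m["hive"], m["value"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['hive']}: {f['detail']}")
        for reason in f["reasons"]:
            print(f"    - {reason}")
```

Run it as-is to see the three findings from the sample, or pass the real log with `triage(open(r"C:\OTL.txt", errors="replace"))`. The hive is reported with each finding because OTLPE loads every user profile; the proxy and Shell hijacks here live only under HKU\Bea_ON_C, which is why the other accounts report ProxyEnable = 0 and a normal explorer.exe shell.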

#10 butterrice (Topic Starter)

Can I exit Reatogo and go into my desktop to post the results? Reatogo does not have an Internet connection unless I'm missing something.

#11 butterrice (Topic Starter)

I'm using an iPod that has Internet to respond to you and there is not a USB port.

#12 ali.B (Trusted Helper, Malware Removal)

Reboot into normal mode and try to post the logs from there.

#13 butterrice (Topic Starter)

OTL logfile created on: 7/17/2011 12:07:25 PM - Run
OTLPE by OldTimer - Version 3.1.47.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 794.00 Mb Available Physical Memory | 78.00% Memory free
902.00 Mb Paging File | 837.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.49 Gb Total Space | 30.81 Gb Free Space | 50.94% Space Free | Partition Type: NTFS
Drive D: | 51.29 Gb Total Space | 46.93 Gb Free Space | 91.48% Space Free | Partition Type: NTFS
Drive E: | 967.72 Mb Total Space | 703.25 Mb Free Space | 72.67% Space Free | Partition Type: FAT
Drive X: | 284.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (getPlusHelper) getPlus®
SRV - File not found [Disabled] -- -- (cmdAgent)
SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/06 13:52:18 | 000,266,240 | ---- | M] () [Disabled] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2007/04/26 01:21:42 | 000,099,248 | ---- | M] () [Auto] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/04/26 01:21:22 | 000,537,520 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/03/30 14:39:36 | 000,482,920 | ---- | M] () [Disabled] -- C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe -- (ioloDMV)
SRV - [2006/06/23 11:40:58 | 000,086,016 | ---- | M] (Logitech) [Disabled] -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | System] -- -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (MpKslfe538485)
DRV - File not found [Kernel | System] -- -- (MpKslc86e4a84)
DRV - File not found [Kernel | System] -- -- (MpKsla634e47f)
DRV - File not found [Kernel | System] -- -- (MpKsl7be8fdbc)
DRV - File not found [Kernel | System] -- -- (MpKsl5076531f)
DRV - File not found [Kernel | System] -- -- (MpKsl3d2a8f83)
DRV - File not found [Kernel | System] -- -- (MpKsl35e2d707)
DRV - File not found [Kernel | System] -- -- (MpKsl22c1879f)
DRV - File not found [Kernel | System] -- -- (MpKsl1726781a)
DRV - File not found [Kernel | System] -- -- (MpKsl16b132f5)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot] -- -- (Lbd)
DRV - File not found [Kernel | Boot] -- -- (Inspect)
DRV - File not found [Kernel | System] -- -- (InCDRm)
DRV - File not found [Kernel | System] -- -- (InCDPass)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (cmdHlp)
DRV - File not found [File_System | System] -- -- (cmdGuard)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/02/10 21:34:28 | 000,987,904 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV - [2010/12/09 22:43:16 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/09/28 09:50:50 | 000,015,872 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\XPTWOPORT.SYS -- (XPTWOPORT)
DRV - [2010/06/02 03:41:58 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2010/02/05 22:17:32 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2010/01/26 23:29:13 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2009/10/21 05:22:00 | 000,298,752 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2007/05/24 19:53:58 | 000,002,208 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nxsIO32.sys -- (nxsIO32)
DRV - [2007/05/03 10:28:04 | 000,039,552 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2006/10/12 17:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/06/23 11:40:58 | 002,400,128 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2006/06/23 11:40:58 | 000,016,768 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2006/01/17 11:19:46 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/01/17 11:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/01/17 11:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/01/17 11:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/11/22 19:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 19:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/10/08 11:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2001/08/17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator.ACER-CELERON-M_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Bea_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = 1886680168
IE - HKU\Bea_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Bea_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Bea_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\Bea_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\Bea_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Bea_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Bea_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Bea_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:65111

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/04 15:06:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/26 10:35:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/02 07:58:30 | 000,000,000 | ---D | M]

[2011/07/16 13:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.ACER-CELERON-M\Application Data\Mozilla\Extensions
[2011/03/26 04:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/08/17 09:58:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/07/23 21:11:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/26 10:35:05 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/03/11 18:03:30 | 000,065,536 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2011/06/12 20:00:55 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/06/12 20:00:55 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/03 01:43:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\Bea_ON_C\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe (Lexmark)
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKU\Bea_ON_C..\Run: [927701647] C:\Documents and Settings\Bea\Local Settings\Application Data\jyg.exe ()
O4 - HKU\Administrator.ACER-CELERON-M_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator.ACER-CELERON-M_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Bea_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Bea_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Bea_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1180052573437 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1183974491937 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Bea_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Bea_ON_C Winlogon: Shell - (C:\Documents and Settings\Bea\Application Data\dwm.exe) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/24 18:07:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/03/02 19:33:32 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ FAT ]
O32 - AutoRun File - [2008/01/22 18:55:00 | 000,023,552 | ---- | M] () - E:\Autobiography.doc -- [ FAT ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/17 10:26:20 | 000,000,000 | ---D | C] -- C:\## aswSnx private storage
[2011/07/16 13:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\Local Settings\Application Data\Mozilla
[2011/07/16 13:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\Application Data\Mozilla
[2011/07/16 13:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\Local Settings\Application Data\Microsoft
[2011/07/16 13:05:00 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\Application Data\Microsoft
[2011/07/16 13:05:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\SendTo
[2011/07/16 13:05:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\Application Data
[2011/07/16 13:05:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\Start Menu\Programs\Startup
[2011/07/16 13:05:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\Start Menu
[2011/07/16 13:05:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\Start Menu\Programs\Accessories
[2011/07/16 13:05:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\IETldCache
[2011/07/16 13:05:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\Cookies
[2011/07/16 13:05:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\Templates
[2011/07/16 13:05:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\Recent
[2011/07/16 13:05:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\PrintHood
[2011/07/16 13:05:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\NetHood
[2011/07/16 13:05:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\Local Settings
[2011/07/16 13:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\My Documents
[2011/07/16 13:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\Favorites
[2011/07/16 13:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.ACER-CELERON-M\Desktop
[2011/07/13 17:28:27 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/07/13 17:28:19 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2011/07/11 23:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterActual
[2011/07/11 23:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual
[2011/07/05 21:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/05 21:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/05 21:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/05 21:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/26 23:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/06/26 23:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2007/11/26 03:56:51 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2007/11/26 03:56:49 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
[2007/04/26 01:21:26 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2007/04/26 01:21:22 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2007/03/02 10:13:41 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2007/03/02 10:12:21 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2007/03/02 10:05:53 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2007/03/02 10:04:14 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2007/03/02 10:02:55 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2007/03/02 10:00:23 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2007/03/02 09:59:32 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2007/03/02 09:58:58 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2007/03/02 09:51:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2007/03/02 09:51:09 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2007/03/02 09:47:01 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/17 10:52:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/17 10:52:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C78EAB38-8876-422B-960A-4047F8801EE5}.job
[2011/07/17 10:36:19 | 000,011,996 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\671n8w107xhhsv
[2011/07/17 10:36:18 | 000,011,996 | -HS- | M] () -- C:\Documents and Settings\Bea\Local Settings\Application Data\671n8w107xhhsv
[2011/07/17 10:34:06 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-776561741-839522115-1003UA.job
[2011/07/17 10:26:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/17 10:25:53 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/07/17 09:20:56 | 000,005,748 | ---- | M] () -- C:\Documents and Settings\Bea\Application Data\359E.4B0
[2011/07/16 18:34:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-776561741-839522115-1003Core.job
[2011/07/16 10:47:44 | 000,335,872 | ---- | M] () -- C:\Documents and Settings\Bea\Local Settings\Application Data\jyg.exe
[2011/07/14 20:35:17 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Bea\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/14 20:35:16 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Bea\Desktop\Google Chrome.lnk
[2011/07/13 00:57:38 | 000,233,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/12 21:48:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 00:05:06 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/12 00:05:06 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\Bea\default.pls
[2011/07/11 23:29:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\iPlayer.INI
[2011/07/11 23:27:03 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InterActual Player.lnk
[2011/07/11 23:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterActual
[2011/07/05 22:01:30 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/05 22:01:26 | 000,001,830 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/05 21:58:52 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/05 21:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/02 07:58:31 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/02 07:58:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/07/02 00:20:38 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2011/06/29 21:08:55 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/27 23:56:31 | 000,560,230 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/27 23:56:31 | 000,099,696 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/24 12:51:51 | 000,013,448 | ---- | M] () -- C:\WINDOWS\M2000Twn.src
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/16 13:05:01 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.ACER-CELERON-M\Start Menu\Programs\Remote Assistance.lnk
[2011/07/16 13:05:01 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.ACER-CELERON-M\Start Menu\Programs\Windows Media Player.lnk
[2011/07/16 10:47:53 | 000,011,996 | -HS- | C] () -- C:\Documents and Settings\Bea\Local Settings\Application Data\671n8w107xhhsv
[2011/07/16 10:47:53 | 000,011,996 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\671n8w107xhhsv
[2011/07/16 10:47:45 | 000,005,748 | ---- | C] () -- C:\Documents and Settings\Bea\Application Data\359E.4B0
[2011/07/16 10:47:44 | 000,335,872 | ---- | C] () -- C:\Documents and Settings\Bea\Local Settings\Application Data\jyg.exe
[2011/07/12 00:05:06 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Bea\default.pls
[2011/07/11 23:29:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2011/07/11 23:27:03 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\InterActual Player.lnk
[2011/07/05 21:58:52 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/09 15:40:56 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011/04/16 00:06:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/16 00:06:37 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/16 00:06:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/16 00:06:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/16 00:06:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/09 22:45:59 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/12/03 01:34:52 | 000,044,816 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/29 00:46:40 | 001,094,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/20 14:22:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/06 13:52:18 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2010/03/28 01:39:06 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/03/28 01:39:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/03/07 19:26:25 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2010/03/07 01:59:24 | 000,000,794 | ---- | C] () -- C:\WINDOWS\lrun32.ini
[2010/02/05 22:08:15 | 000,024,576 | ---- | C] () -- C:\WINDOWS\DetectHWID.exe
[2010/02/05 21:56:27 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2010/02/05 21:43:14 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
[2009/09/01 09:30:27 | 000,000,597 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/25 03:46:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bea\settings.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/28 12:51:30 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\Bea\couponmanager.properties
[2009/03/17 00:24:13 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/01/05 16:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/07/12 03:00:59 | 009,334,784 | ---- | C] () -- C:\Documents and Settings\Bea\ntuser.bak
[2008/06/04 20:48:01 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2008/06/04 20:48:01 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2008/06/04 20:48:01 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2008/04/27 21:21:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/01/09 02:15:28 | 000,001,167 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/12/19 23:41:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/12/09 03:52:29 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007/11/26 04:08:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2007/11/26 04:08:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2007/11/26 04:08:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2007/11/26 04:08:28 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2007/11/26 03:58:00 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2007/11/26 03:56:52 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2007/11/26 03:55:42 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2007/11/19 07:35:42 | 000,002,917 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/12 00:48:47 | 000,006,314 | ---- | C] () -- C:\WINDOWS\silkquit.ini
[2007/09/09 21:47:13 | 003,391,026 | ---- | C] () -- C:\Documents and Settings\Bea\IMG_2365.JPG
[2007/09/08 00:26:41 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Bea\presets.ini
[2007/07/31 01:00:09 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/07/21 15:30:59 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Bea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/18 20:13:09 | 000,047,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2007/07/18 20:13:09 | 000,046,592 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2007/07/18 20:13:09 | 000,039,552 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2007/07/18 20:13:09 | 000,037,248 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2007/05/26 09:50:36 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/05/26 09:45:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/25 19:44:06 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/05/25 19:44:00 | 000,435,816 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2007/05/25 19:44:00 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2007/05/25 19:44:00 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2007/05/25 19:34:21 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/05/25 19:33:26 | 000,314,880 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2007/05/25 19:15:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/25 15:54:53 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\ntuser.bak
[2007/05/24 20:40:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/05/24 19:53:58 | 000,002,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\nxsIO32.sys
[2007/05/24 18:11:00 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.bak
[2007/05/24 18:09:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/05/24 18:04:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/05/24 13:57:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/05/24 13:56:50 | 000,233,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/04/25 22:17:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2007/01/23 14:40:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2007/01/09 12:13:08 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2006/10/06 13:08:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2006/06/23 11:40:58 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2006/06/23 11:40:58 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2006/06/01 08:55:00 | 000,298,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\yk51x86.sys
[2006/05/17 22:47:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2006/01/17 11:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/31 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 08:00:00 | 000,560,230 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 08:00:00 | 000,099,696 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/08/13 01:55:38 | 000,467,001 | ---- | C] () -- C:\WINDOWS\System32\W3MKDE.DLL
[2002/08/13 01:55:38 | 000,106,564 | ---- | C] () -- C:\WINDOWS\System32\W3DBSMGR.EXE
[2002/08/13 01:55:38 | 000,061,499 | ---- | C] () -- C:\WINDOWS\System32\W3MKDERC.DLL
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/10/12 00:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Blackberry Desktop
[2011/06/12 20:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Catalina Marketing Corp
[2008/06/05 19:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\CheckPoint
[2009/05/16 14:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\eBay
[2009/08/31 05:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\FrostWire
[2008/04/27 21:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\HotSync
[2007/05/26 14:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Individual Software
[2007/05/25 19:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\InterTrust
[2007/05/25 19:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\iolo
[2007/08/18 03:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Leadertech
[2007/11/26 04:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Lexmark Productivity Studio
[2009/08/14 04:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\LimeWire
[2007/12/09 05:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\MailFrontier(2)
[2011/03/06 22:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\MP3Rocket
[2010/01/28 21:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\MSNInstaller
[2009/08/18 22:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Netscape
[2011/06/23 20:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\QuickScan
[2007/09/12 00:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\QuitCounter
[2010/11/29 00:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Research In Motion
[2010/04/28 03:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\SecondLife
[2010/02/20 12:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Stardock
[2010/02/07 00:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\System Tweaker
[2010/02/07 09:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\Uniblue
[2010/02/14 04:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bea\Application Data\WinPatrol
[2007/05/25 19:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2010/01/09 20:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/06/04 15:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/03/07 18:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/02/07 12:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broadcom
[2010/06/02 03:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/05/16 14:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2008/04/27 21:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2007/05/25 19:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2010/02/06 02:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2007/05/25 19:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2007/12/06 18:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/02/06 01:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/11/29 00:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2007/07/18 20:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2011/06/26 23:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2009/08/23 18:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/16 21:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2011/06/04 14:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/04/05 21:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/12/03 01:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/15 23:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/21 22:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/07/17 10:25:53 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/07/17 10:52:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C78EAB38-8876-422B-960A-4047F8801EE5}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Bea\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/26 10:35:00 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/26 10:35:00 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/26 10:35:00 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\Bea\Local Settings\Application Data\jyg.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" [2011/07/16 10:47:44 | 000,335,872 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/26 10:35:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\Bea\Local Settings\Application Data\jyg.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/16 10:47:44 | 000,335,872 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Bea\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Bea\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Bea\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Bea\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Bea\Local Settings\Application Data\jyg.exe" -a "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/07/16 10:47:44 | 000,335,872 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/03/31 08:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Bea\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/26 10:35:00 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/26 10:35:00 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/26 10:35:00 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Documents and Settings\Bea\Local Settings\Application Data\jyg.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" [2011/07/16 10:47:44 | 000,335,872 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/26 10:35:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\Bea\Local Settings\Application Data\jyg.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/16 10:47:44 | 000,335,872 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Bea\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Bea\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Bea\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Bea\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Bea\Local Settings\Application Data\jyg.exe" -a "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/07/16 10:47:44 | 000,335,872 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/03/31 08:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)

< CREATERESTOREPOINT >



< http://download.blee...al/MBRCheck.exe >
Invalid Switch: MBRCheck.exe

< End of report >

#14
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Start OTLPE as you did previously from the CD.
Copy the attached Fix.txt to a USB drive.
  • Insert your USB drive with Fix.txt on it
  • Start OTLPE
  • Copy the contents of Fix.txt into the Custom Scans and Fixes box
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done, reboot to normal mode if possible
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

Edit: If you don't have a USB drive, save the Fix.txt file on your C:\ drive and access it from Reatogo mode.

Attached Files

  • Fix.txt (1.94KB)


#15
butterrice

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts
OK, here is what is happening. I ran the program again with the fix you had. It didn't produce another OTL log. I can't seem to use any of my browsers although I'm connected to the Internet. Neither the XP 2012 nor my Avast loaded on startup.