
Cannot run virus scans or OTL



#16 nycmon (Member, Topic Starter, 29 posts)
Ahh, I see... well, I uninstalled SUPER just in case it did get infected. I can always reinstall it once this mess is resolved. OK, I can't tell if TeaTimer is even being used... this is the SB S&D beta 2.0 version I'm using and I don't think it uses TeaTimer... I don't know if it's Spybot causing me problems...
When I run ComboFix it says there is a new version available, updates itself and then restarts. After restarting it pops up this error while installing:

"error opening file for writing: C:\32788R22FWJFW\swreg.cfxxe click abort to stop the installation, retry to try again, or ignore to skip this file"

I tried the RETRY button a few times but no good... so I ignored the file and finished the installation. However, nothing happened after that. Upon reinstallation it gave me the same error at the same point of the install... so I aborted... Please let me know if I should ignore that file and attempt to run ComboFix anyway.
Thank you!


#17 sempai (Trusted Helper, Malware Removal, 785 posts)
Hi,

Make sure to delete your old copy of Combofix and download a new copy.

Please boot your computer in safe mode with networking and run Combofix. Kindly monitor it while it is running, and when it reboots the computer, make sure to boot into safe mode again to complete the process.

#18 nycmon (Member, Topic Starter, 29 posts)
I should mention that I seem to have 2 folders (one named combo-fix and the other named combo-fix5161c) in my C drive. Both contain a file called PV.cfxxe... I can only assume this must have been from the previous ComboFix I attempted to use before coming to this forum. I tried deleting these folders but it says the PV files cannot be accessed. Do I need to delete these folders in safe mode before attempting to run a new copy of ComboFix?
Thank you!

#19 nycmon (Member, Topic Starter, 29 posts)
I deleted those previous ComboFix folders in safe mode after changing the permissions on the PV files. After that it seemed to install and run fine. Here is the log.
Thank you!


ComboFix 11-07-29.03 - Compaq_Owner 07/29/2011 19:34:16.1.1 - x86 NETWORK
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\NTUSER.DAT.tmp
c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
c:\windows\$NtUninstallKB3255$
c:\windows\$NtUninstallKB3255$\3974964731
c:\windows\$NtUninstallKB3255$\485945278\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB3255$\485945278\click.tlb
c:\windows\$NtUninstallKB3255$\485945278\L\wenmukca
c:\windows\$NtUninstallKB3255$\485945278\loader.tlb
c:\windows\$NtUninstallKB3255$\485945278\U\@00000001
c:\windows\$NtUninstallKB3255$\485945278\U\@000000c0
c:\windows\$NtUninstallKB3255$\485945278\U\@000000cb
c:\windows\$NtUninstallKB3255$\485945278\U\@000000cf
c:\windows\$NtUninstallKB3255$\485945278\U\@80000000
c:\windows\$NtUninstallKB3255$\485945278\U\@800000c0
c:\windows\$NtUninstallKB3255$\485945278\U\@800000cb
c:\windows\$NtUninstallKB3255$\485945278\U\@800000cf
c:\windows\assembly\GAC_MSIL\desktop.ini
.
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-29 )))))))))))))))))))))))))))))))
.
.
2011-07-28 18:42 . 2011-07-28 18:42 -------- d-----w- C:\_OTL
2011-07-27 13:53 . 2011-07-27 13:53 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Sonic
2011-07-27 02:11 . 2009-01-25 17:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-07-27 02:11 . 2011-07-29 17:14 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-07-25 22:52 . 2011-07-25 22:52 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-07-25 04:28 . 2011-07-25 04:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-07-25 04:26 . 2011-07-25 04:26 -------- d-----w- c:\program files\iPod
2011-07-25 04:25 . 2011-07-25 04:26 -------- d-----w- c:\program files\iTunes
2011-07-25 04:25 . 2011-07-25 04:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-07-25 04:25 . 2011-07-25 04:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-07-25 04:25 . 2011-07-25 04:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-07-25 04:25 . 2011-07-25 04:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-07-25 04:25 . 2011-07-25 04:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-07-25 04:25 . 2011-07-25 04:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-07-25 04:25 . 2011-07-25 04:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-07-25 04:24 . 2011-07-25 04:25 -------- d-----w- c:\program files\QuickTime
2011-07-25 04:23 . 2011-07-25 04:23 -------- d-----w- c:\program files\Apple Software Update
2011-07-25 04:23 . 2011-07-25 04:23 -------- d-----w- c:\program files\Bonjour
2011-07-24 20:48 . 2011-07-24 20:48 -------- d-----w- c:\program files\BitTorrent
2011-07-23 17:49 . 2011-07-23 17:50 -------- d-----w- C:\MGtools
2011-07-23 15:17 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-23 15:17 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-23 15:17 . 2011-07-23 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2011-07-22 21:42 . 2011-07-22 21:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2011-07-22 21:42 . 2011-07-22 21:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-21 13:04 . 2011-07-29 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-21 05:36 . 2011-07-21 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-21 04:49 . 2011-07-22 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1
2011-07-21 02:54 . 2011-07-21 02:54 -------- d-----w- c:\program files\ACW
2011-07-21 02:28 . 2011-07-21 14:01 -------- d-----w- c:\documents and settings\JP
2011-07-20 14:35 . 2011-07-20 14:35 -------- d-----w- c:\program files\Trend Micro
2011-07-19 23:53 . 2011-07-19 23:53 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\QuickScan
2011-07-19 16:18 . 2011-07-19 16:18 1152 ----a-w- c:\windows\system32\windrv.sys
2011-07-19 16:17 . 2011-07-19 16:17 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\GetRightToGo
2011-07-19 14:50 . 2011-07-19 14:50 -------- d-----w- c:\program files\Common Files\iS3
2011-07-19 14:50 . 2011-07-20 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-07-18 17:41 . 2011-07-18 17:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2011-07-18 16:45 . 2011-07-18 16:45 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\RoboForm
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:57 . 2011-07-22 13:51 -------- d-----w- c:\windows\system32\WPB1003_ŽΡˆ»3 dir
2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_ŽΡˆ»3.scr
2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_ŽΡˆ»2.scr
2011-07-08 14:57 . 2011-07-08 14:57 -------- d-----w- c:\windows\system32\WPB1003_ŽΡˆ»2 dir
2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_ŽΡˆ»1.scr
2011-07-08 14:57 . 2011-07-08 14:57 -------- d-----w- c:\windows\system32\WPB1003_ŽΡˆ»1 dir
2011-07-08 14:51 . 2011-07-08 14:51 -------- d-----w- c:\windows\system32\v_269_ss2 dir
2011-07-08 14:51 . 2011-07-08 14:51 203264 ----a-w- c:\windows\system32\v_269_ss2.scr
2011-07-08 14:51 . 2011-07-08 14:52 -------- d-----w- c:\windows\system32\v_269_ss1 dir
2011-07-08 14:51 . 2011-07-08 14:51 203264 ----a-w- c:\windows\system32\v_269_ss1.scr
2011-07-08 14:44 . 2011-07-08 14:44 503892 ----a-w- c:\windows\v_322_ss2Uninst.exe
2011-07-08 14:44 . 2011-07-08 14:44 1308501 ----a-w- c:\windows\v_322_ss2.scr
2011-07-08 14:43 . 2011-07-08 14:43 503892 ----a-w- c:\windows\v_322_ss1Uninst.exe
2011-07-08 14:43 . 2011-07-08 14:43 1118130 ----a-w- c:\windows\v_322_ss1.scr
2011-07-08 14:43 . 2011-07-08 14:43 503892 ----a-w- c:\windows\v_360_ss2Uninst.exe
2011-07-08 14:43 . 2011-07-08 14:43 1422643 ----a-w- c:\windows\v_360_ss2.scr
2011-07-08 14:42 . 2011-07-08 14:42 503892 ----a-w- c:\windows\v_360_ss1Uninst.exe
2011-07-08 14:42 . 2011-07-08 14:42 1199595 ----a-w- c:\windows\v_360_ss1.scr
2011-07-08 14:36 . 2011-07-08 14:44 -------- d-----w- c:\windows\system32\WPB810_3 dir
2011-07-08 14:36 . 2011-07-08 14:36 532480 ----a-w- c:\windows\system32\WPB810_3.scr
2011-07-08 14:36 . 2011-07-08 14:54 -------- d-----w- c:\windows\system32\WPB810_ŽΡˆ»2 dir
2011-07-08 14:36 . 2011-07-08 14:36 532480 ----a-w- c:\windows\system32\WPB810_ŽΡˆ»2.scr
2011-07-08 14:35 . 2011-07-08 14:47 -------- d-----w- c:\windows\system32\WPB810_ŽΡˆ»1 dir
2011-07-08 14:35 . 2011-07-08 14:35 532480 ----a-w- c:\windows\system32\WPB810_ŽΡˆ»1.scr
2011-07-08 14:33 . 2011-07-08 14:33 503892 ----a-w- c:\windows\v_310_ss2Uninst.exe
2011-07-08 14:33 . 2011-07-08 14:33 1521079 ----a-w- c:\windows\v_310_ss2.scr
2011-07-08 14:32 . 2011-07-08 14:32 503892 ----a-w- c:\windows\v_310_ss1Uninst.exe
2011-07-08 14:31 . 2011-07-08 14:31 503892 ----a-w- c:\windows\v_294_ss2Uninst.exe
2011-07-08 14:31 . 2011-07-08 14:31 1381093 ----a-w- c:\windows\v_294_ss2.scr
2011-07-08 14:31 . 2011-07-08 14:31 503892 ----a-w- c:\windows\v_294_ss1Uninst.exe
2011-07-08 14:31 . 2011-07-08 14:31 1136767 ----a-w- c:\windows\v_294_ss1.scr
2011-07-08 14:30 . 2011-07-08 14:30 503891 ----a-w- c:\windows\v_287_ss2Uninst.exe
2011-07-08 14:30 . 2011-07-08 14:30 1714122 ----a-w- c:\windows\v_287_ss2.scr
2011-07-08 14:29 . 2011-07-08 14:29 503892 ----a-w- c:\windows\v_287_ss1Uninst.exe
2011-07-08 14:29 . 2011-07-08 14:29 1170379 ----a-w- c:\windows\v_287_ss1.scr
2011-07-08 14:26 . 2011-07-08 14:26 -------- d-----w- c:\windows\system32\v_273_ss2 dir
2011-07-08 14:23 . 2011-07-08 14:26 203264 ----a-w- c:\windows\system32\v_273_ss2.scr
2011-07-08 14:22 . 2011-07-08 14:23 -------- d-----w- c:\windows\system32\v_273_ss1 dir
2011-07-08 14:22 . 2011-07-08 14:22 203264 ----a-w- c:\windows\system32\v_273_ss1.scr
2011-07-08 14:19 . 2011-07-08 14:19 -------- d-----w- c:\windows\system32\v_239_ss1 dir
2011-07-08 14:19 . 2011-07-08 14:19 201728 ----a-w- c:\windows\system32\v_239_ss1.scr
2011-07-08 14:17 . 2011-07-08 14:18 4727391 ----a-w- c:\windows\WPB603_ŽΡˆ»3.exe
2011-07-08 14:17 . 2011-07-08 14:18 467536 ----a-w- c:\windows\WPB603_ŽΡˆ»3.scr
2011-07-08 14:17 . 2011-07-08 14:18 5338153 ----a-w- c:\windows\WPB603_ŽΡˆ»2.exe
2011-07-08 14:17 . 2011-07-08 14:18 467536 ----a-w- c:\windows\WPB603_ŽΡˆ»2.scr
2011-07-08 14:15 . 2011-07-08 14:17 4788965 ----a-w- c:\windows\WPB603_ŽΡˆ»1.exe
2011-07-08 14:15 . 2011-07-08 14:18 29696 ----a-w- c:\windows\mickey32.dll
2011-07-08 14:15 . 2011-07-08 14:17 467536 ----a-w- c:\windows\WPB603_ŽΡˆ»1.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-23 17:50 . 2011-07-23 17:49 181557 ----a-w- C:\MGlogs.zip
2011-07-20 14:35 . 2011-07-20 14:35 388096 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_ŽΡˆ»3.scr
2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_ŽΡˆ»2.scr
2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_ŽΡˆ»1.scr
2011-07-08 14:36 . 2011-07-08 14:36 532480 ----a-w- c:\windows\system32\WPB810_ŽΡˆ»2.scr
2011-07-08 14:35 . 2011-07-08 14:35 532480 ----a-w- c:\windows\system32\WPB810_ŽΡˆ»1.scr
2011-07-08 14:18 . 2011-07-08 14:17 4727391 ----a-w- c:\windows\WPB603_ŽΡˆ»3.exe
2011-07-08 14:18 . 2011-07-08 14:17 467536 ----a-w- c:\windows\WPB603_ŽΡˆ»3.scr
2011-07-08 14:18 . 2011-07-08 14:17 5338153 ----a-w- c:\windows\WPB603_ŽΡˆ»2.exe
2011-07-08 14:18 . 2011-07-08 14:17 467536 ----a-w- c:\windows\WPB603_ŽΡˆ»2.scr
2011-07-08 14:17 . 2011-07-08 14:15 4788965 ----a-w- c:\windows\WPB603_ŽΡˆ»1.exe
2011-07-08 14:17 . 2011-07-08 14:15 467536 ----a-w- c:\windows\WPB603_ŽΡˆ»1.scr
2011-06-06 19:55 . 2011-06-06 19:55 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2011-06-06 19:55 . 2011-06-06 19:55 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2011-06-06 00:58 . 2011-06-06 00:58 53248 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-06-06 00:57 . 2011-06-06 00:57 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-06-02 14:02 . 2004-08-04 05:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-10 12:06 . 2009-06-02 13:09 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06 . 2008-11-24 08:17 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-04 08:52 . 2010-09-23 01:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2009-08-21 22:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2004-08-04 05:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-06-29 . 02E2754D3E566C11A4934825920C47DD . 634632 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe
[7] 2009-04-25 . 092A7F2B49A19ECCE5369D3CB2276148 . 636088 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\iexplore.exe
[7] 2009-04-25 . C0503FD8D163652735C1EE900672A75C . 636088 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[7] 2009-02-28 . A251068640DDB69FD7805B57D89D7FF7 . 636072 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe
[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe
[7] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
[7] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2GDR\iexplore.exe
[7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
[7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2QFE\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB953838-IE7\iexplore.exe
[7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe" [2011-05-28 512400]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-06-06 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-06-06 2903448]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"EvtMgr6"="c:\program files\Logi\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"TkBellExe1"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-19 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-19 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-07-06 3788704]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2011-07-06 2130840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingE8408"="c:\program files\Spybot - Search & Destroy 2\SDDelFile.exe" [2011-07-06 1049000]
"SpybotDeletingE2006"="c:\program files\Spybot - Search & Destroy 2\SDDelFile.exe" [2011-07-06 1049000]
.
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Configuration Utility HW.51.lnk - c:\program files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-14 454656]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRealMode"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^setup_9.0.0.722_20.08.2010_21-52.lnk]
backup=c:\windows\pss\setup_9.0.0.722_20.08.2010_21-52.lnkStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Widgets\\YahooWidgets.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\real\\RealUpgrade\\realupgrade.exe"=
"c:\\Program Files\\IObit\\Advanced SystemCare 4\\AutoUpdate.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\IObit\\Password Folder\\PasswordFolder.exe"=
"c:\\Program Files\\VideoStream\\VideoStream.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\msfeedssync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\IObit\\Smart Defrag 2\\SmartDefrag.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware2\\mbam.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\adma\\MDownloader\\MDownloader.Updater.exe"=
"c:\\Program Files\\adma\\MDownloader\\MDownloader.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\IObit\\Game Booster\\GameBooster.exe"=
"c:\\Program Files\\Adobe\\Acrobat 10.0\\Acrobat\\acrotray.exe"=
"c:\\Program Files\\Adobe\\Acrobat 10.0\\Acrobat\\Acrobat.exe"=
"c:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\core\\PDapp.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\IObit\\Game Booster\\AutoUpdate.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5010:UDP"= 5010:UDP:emule udp
"110:TCP"= 110:TCP:BT
"110:UDP"= 110:UDP:BT1
"5000:TCP"= 5000:TCP:emule tcp
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 54343852;54343852 Boot Guard Driver;c:\windows\system32\DRIVERS\54343852.sys [x]
R0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [x]
R1 54343851;54343851;c:\windows\system32\DRIVERS\54343851.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [2011-07-06 38504]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 351232]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-08-24 10448]
R2 PfFilter;PfFilter;c:\program files\IObit\Password Folder\pffilter.sys [2011-01-12 163648]
R2 SDHookService;Spybot-S&D 2 Hooks Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-07-06 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-07-06 1060272]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-07-06 909224]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 13112]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-03-12 30576]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2010-01-29 24416]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]
R3 WipeFile;WipeFile;c:\windows\system32\DRIVERS\WipeFile.sys [2007-03-03 57472]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 13496]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-19 717296]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LBEEPKE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-07-28 c:\windows\Tasks\ASC4_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-05-11 18:46]
.
2011-07-28 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-05-11 18:46]
.
2011-07-29 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-07-27 15:21]
.
2011-07-25 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster\AutoUpdate.exe [2011-03-31 23:07]
.
2011-07-28 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\GameBox.exe [2011-07-15 23:08]
.
2011-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2637110039-1654121908-4178984955-1009Core.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 05:30]
.
2011-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2637110039-1654121908-4178984955-1009UA.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 05:30]
.
2011-07-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-07-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2637110039-1654121908-4178984955-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-07-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2637110039-1654121908-4178984955-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-07-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-07-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2637110039-1654121908-4178984955-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-07-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2637110039-1654121908-4178984955-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-07-29 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2011-07-27 15:20]
.
2011-07-29 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2011-07-27 15:21]
.
2011-07-25 c:\windows\Tasks\SmartDefrag_Schedule.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-31 22:19]
.
2011-07-29 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-31 22:19]
.
2011-07-29 c:\windows\Tasks\User_Feed_Synchronization-{D4801835-F956-4975-AEF8-0E5592BA2263}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Eclipse: {12bc3590-67a6-11de-8a39-0800200c9a66} - %profile%\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Slickerfox: {359faf50-e061-11dd-ad8b-0800200c9a66} - %profile%\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
FF - Ext: Oskar: {5b175400-2368-11de-8c30-0800200c9a66} - %profile%\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
FF - Ext: FennecFox: {989e9382-d540-4189-88d1-fc54a949a387} - %profile%\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
FF - Ext: Gradient iBlu: {bf70ba50-e70d-11dd-ba2f-0800200c9a66} - %profile%\extensions\{bf70ba50-e70d-11dd-ba2f-0800200c9a66}
FF - Ext: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - %profile%\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
FF - Ext: Black Steel: {e2c58150-9d72-11dd-ad8b-0800200c9a66} - %profile%\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: PC Sync 2 Synchronisation Extension: [email protected] - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Adobe Acrobat - Create PDF: [email protected] - c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Combined Community Codec Pack_is1 - c:\program files\Combined Community Codec Pack\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-29 19:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,b8,13,18,95,fa,b5,43,8a,e8,b5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,b8,13,18,95,fa,b5,43,8a,e8,b5,\
.
[HKEY_USERS\S-1-5-21-2637110039-1654121908-4178984955-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97D1B5A3-39C5-C0D4-0C0C-0066D4EBC639}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\SUPER *]
"DisplayName"="SUPER ?Version 2009.bld.36 (June 10, 2009)"
"UninstallString"="c:\\PROGRA~1\\ERIGHT~1\\SUPER\\Setup.exe /remove /q0"
"InstallDate"="2009-06-22 20:22"
"InstallLocation"="c:\\Program Files\\eRightSoft\\SUPER"
"InstallSource"="c:\\Documents and Settings\\Compaq_Owner\\Desktop"
"DisplayIcon"="c:\\Program Files\\eRightSoft\\SUPER\\SUPER.exe"
"DisplayVersion"="Version 2009.bld.36 (June 10, 2009)"
"VersionMajor"=dword:00000000
"VersionMinor"=dword:00000000
"Publisher"="eRightSoft"
"HelpLink"="http://www.eRightSoft.com"
"URLInfoAbout"="http://www.eRightSoft.com"
"URLUpdateInfo"="http://www.eRightSoft.com"
"Contact"="[email protected]"
.
Completion time: 2011-07-29 20:06:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-30 00:06
ComboFix2.txt 2011-07-21 20:44
ComboFix3.txt 2010-08-21 07:51
.
Pre-Run: 6,054,993,920 bytes free
Post-Run: 6,057,041,920 bytes free
.
- - End Of File - - 16BF4DA09C19E87F72E5D2AA4E4B0239

#20 sempai (Trusted Helper, Malware Removal, 785 posts)
Please tell me how the computer is running after doing the fix below.


We need to execute a ComboFix script.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy-paste the text in the code box below into it:

File::
c:\windows\system32\DRIVERS\54343851.sys
c:\windows\system32\DRIVERS\54343852.sys 

RegNull::
[HKEY_USERS\S-1-5-21-2637110039-1654121908-4178984955-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97D1B5A3-39C5-C0D4-0C0C-0066D4EBC639}*]

Driver::
54343851
54343852

4. Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

5. Referring to the picture above, drag CFScript onto ComboFix.exe.

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


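A CFScript is plain text with directive headers ending in `::` followed by one entry per line, exactly as in the script above. Because ComboFix acts on whatever it is given, it is worth checking the file for a typo before dropping it onto ComboFix.exe. The parser below is an added example for this thread, not ComboFix's own code; it understands only the three directives the post uses (File::, RegNull::, Driver::), the sample script is the one from the post, and the "each Driver:: name should have its .sys under File::" warning mirrors the pairing in that script rather than any documented ComboFix rule.

```python
"""Parse and sanity-check a ComboFix CFScript.txt before it is dropped onto ComboFix.exe.

Added example for this thread, not ComboFix's own code. Only the directives used in
the post above are accepted; the meaning usually given to them (File:: = delete the
file, RegNull:: = null the registry key, Driver:: = remove the driver/service) is an
assumption here, not something this page documents.
"""
import re
from collections import OrderedDict

KNOWN_DIRECTIVES = {"File", "RegNull", "Driver"}
WIN_PATH = re.compile(r"^[A-Za-z]:\\.+$")                     # absolute drive path
REG_KEY = re.compile(r"^\[(HKEY_[A-Z_]+|HKLM|HKCU|HKU|HKCR)\\.+\]$")  # bracketed hive key

# The script from the post above (the trailing '*' on the key is kept as written).
SAMPLE_SCRIPT = r"""File::
c:\windows\system32\DRIVERS\54343851.sys
c:\windows\system32\DRIVERS\54343852.sys

RegNull::
[HKEY_USERS\S-1-5-21-2637110039-1654121908-4178984955-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97D1B5A3-39C5-C0D4-0C0C-0066D4EBC639}*]

Driver::
54343851
54343852
"""


def parse_cfscript(text):
    """Return an ordered {directive: [entries]} mapping.

    Raises ValueError on an unknown directive (e.g. a typo such as 'Drivr::')
    or on an entry that appears before any directive header.
    """
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                      # blank lines separate sections
        if line.endswith("::"):
            current = line[:-2]
            if current not in KNOWN_DIRECTIVES:
                raise ValueError("unknown directive %r" % line)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("entry before any directive: %r" % line)
        sections[current].append(line)
    return sections


def check_cfscript(text):
    """Return a list of problems found in the script text; [] means it looks consistent."""
    try:
        sections = parse_cfscript(text)
    except ValueError as exc:
        return [str(exc)]

    problems = []
    for path in sections.get("File", []):
        if not WIN_PATH.match(path):
            problems.append("File:: entry is not an absolute Windows path: %s" % path)
    for key in sections.get("RegNull", []):
        if not REG_KEY.match(key):
            problems.append("RegNull:: entry is not a bracketed registry key: %s" % key)

    # Consistency warning (assumption, see module docstring): the post's script lists
    # each driver's .sys under File::, so a Driver:: name with no such file is suspect.
    stems = set()
    for path in sections.get("File", []):
        name = path.rsplit("\\", 1)[-1].lower()
        stems.add(name[:-4] if name.endswith(".sys") else name)
    for drv in sections.get("Driver", []):
        if drv.lower() not in stems:
            problems.append("Driver:: %s has no matching .sys entry under File::" % drv)
    return problems


if __name__ == "__main__":
    for directive, entries in parse_cfscript(SAMPLE_SCRIPT).items():
        print(directive + "::", entries)
    print("problems:", check_cfscript(SAMPLE_SCRIPT))
```

Run it against a saved CFScript.txt with `check_cfscript(open("CFScript.txt").read())`; an empty list means every section header was recognised, every File:: entry is an absolute path, every RegNull:: entry is a bracketed hive key, and every Driver:: name has its .sys listed.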

#21 nycmon (Topic Starter, Member, 29 posts)
As far as the computer behaviour after running the fix, I was able to uninstall and delete some of the previously locked/denied files and programs like SUPERAntiSpyware. However some files are still locked and deny me access, including Advanced SystemCare 4. And my Spybot S&D keeps popping up this message every time I try to update it -

"the file you are trying to start has not been signed as authentic by Safer Networking Ltd, the authors of Spybot. Are you sure you want to run it?"

I get this popup when I attempt to run a scan or immunize as well. Is this program corrupted? Anyways here is the ComboFix log.
Once again...THANK YOU!


ComboFix 11-07-29.03 - Compaq_Owner 07/30/2011 11:34:34.2.1 - x86
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\windows\system32\DRIVERS\54343851.sys"
"c:\windows\system32\DRIVERS\54343852.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_54343851
-------\Legacy_54343852
-------\Service_54343851
-------\Service_54343852
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-30 )))))))))))))))))))))))))))))))
.
.
2011-07-28 18:42 . 2011-07-28 18:42 -------- d-----w- C:\_OTL
2011-07-27 13:53 . 2011-07-27 13:53 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Sonic
2011-07-27 02:11 . 2009-01-25 17:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-07-27 02:11 . 2011-07-30 03:22 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-07-25 22:52 . 2011-07-25 22:52 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-07-25 04:28 . 2011-07-25 04:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-07-25 04:26 . 2011-07-25 04:26 -------- d-----w- c:\program files\iPod
2011-07-25 04:25 . 2011-07-25 04:26 -------- d-----w- c:\program files\iTunes
2011-07-25 04:25 . 2011-07-25 04:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-07-25 04:25 . 2011-07-25 04:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-07-25 04:25 . 2011-07-25 04:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-07-25 04:25 . 2011-07-25 04:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-07-25 04:25 . 2011-07-25 04:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-07-25 04:25 . 2011-07-25 04:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-07-25 04:25 . 2011-07-25 04:25 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-07-25 04:24 . 2011-07-25 04:25 -------- d-----w- c:\program files\QuickTime
2011-07-25 04:23 . 2011-07-25 04:23 -------- d-----w- c:\program files\Apple Software Update
2011-07-25 04:23 . 2011-07-25 04:23 -------- d-----w- c:\program files\Bonjour
2011-07-24 20:48 . 2011-07-24 20:48 -------- d-----w- c:\program files\BitTorrent
2011-07-23 17:49 . 2011-07-23 17:50 -------- d-----w- C:\MGtools
2011-07-23 15:17 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-23 15:17 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-23 15:17 . 2011-07-23 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2011-07-22 21:42 . 2011-07-22 21:42 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2011-07-22 21:42 . 2011-07-22 21:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-21 13:04 . 2011-07-29 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-21 05:36 . 2011-07-21 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-21 04:49 . 2011-07-22 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1
2011-07-21 02:54 . 2011-07-21 02:54 -------- d-----w- c:\program files\ACW
2011-07-21 02:28 . 2011-07-21 14:01 -------- d-----w- c:\documents and settings\JP
2011-07-20 14:35 . 2011-07-20 14:35 388096 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-20 14:35 . 2011-07-20 14:35 -------- d-----w- c:\program files\Trend Micro
2011-07-19 23:53 . 2011-07-19 23:53 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\QuickScan
2011-07-19 16:18 . 2011-07-19 16:18 1152 ----a-w- c:\windows\system32\windrv.sys
2011-07-19 16:17 . 2011-07-19 16:17 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\GetRightToGo
2011-07-19 14:50 . 2011-07-19 14:50 -------- d-----w- c:\program files\Common Files\iS3
2011-07-19 14:50 . 2011-07-20 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-07-18 17:41 . 2011-07-18 17:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2011-07-18 16:45 . 2011-07-18 16:45 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\RoboForm
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:57 . 2011-07-22 13:51 -------- d-----w- c:\windows\system32\WPB1003_ŽΡˆ»3 dir
2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_ŽΡˆ»3.scr
2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_ŽΡˆ»2.scr
2011-07-08 14:57 . 2011-07-08 14:57 -------- d-----w- c:\windows\system32\WPB1003_ŽΡˆ»2 dir
2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_ŽΡˆ»1.scr
2011-07-08 14:57 . 2011-07-08 14:57 -------- d-----w- c:\windows\system32\WPB1003_ŽΡˆ»1 dir
2011-07-08 14:51 . 2011-07-08 14:51 -------- d-----w- c:\windows\system32\v_269_ss2 dir
2011-07-08 14:51 . 2011-07-08 14:51 203264 ----a-w- c:\windows\system32\v_269_ss2.scr
2011-07-08 14:51 . 2011-07-08 14:52 -------- d-----w- c:\windows\system32\v_269_ss1 dir
2011-07-08 14:51 . 2011-07-08 14:51 203264 ----a-w- c:\windows\system32\v_269_ss1.scr
2011-07-08 14:44 . 2011-07-08 14:44 503892 ----a-w- c:\windows\v_322_ss2Uninst.exe
2011-07-08 14:44 . 2011-07-08 14:44 1308501 ----a-w- c:\windows\v_322_ss2.scr
2011-07-08 14:43 . 2011-07-08 14:43 503892 ----a-w- c:\windows\v_322_ss1Uninst.exe
2011-07-08 14:43 . 2011-07-08 14:43 1118130 ----a-w- c:\windows\v_322_ss1.scr
2011-07-08 14:43 . 2011-07-08 14:43 503892 ----a-w- c:\windows\v_360_ss2Uninst.exe
2011-07-08 14:43 . 2011-07-08 14:43 1422643 ----a-w- c:\windows\v_360_ss2.scr
2011-07-08 14:42 . 2011-07-08 14:42 503892 ----a-w- c:\windows\v_360_ss1Uninst.exe
2011-07-08 14:42 . 2011-07-08 14:42 1199595 ----a-w- c:\windows\v_360_ss1.scr
2011-07-08 14:36 . 2011-07-08 14:44 -------- d-----w- c:\windows\system32\WPB810_3 dir
2011-07-08 14:36 . 2011-07-08 14:36 532480 ----a-w- c:\windows\system32\WPB810_3.scr
2011-07-08 14:36 . 2011-07-08 14:54 -------- d-----w- c:\windows\system32\WPB810_ŽΡˆ»2 dir
2011-07-08 14:36 . 2011-07-08 14:36 532480 ----a-w- c:\windows\system32\WPB810_ŽΡˆ»2.scr
2011-07-08 14:35 . 2011-07-08 14:47 -------- d-----w- c:\windows\system32\WPB810_ŽΡˆ»1 dir
2011-07-08 14:35 . 2011-07-08 14:35 532480 ----a-w- c:\windows\system32\WPB810_ŽΡˆ»1.scr
2011-07-08 14:33 . 2011-07-08 14:33 503892 ----a-w- c:\windows\v_310_ss2Uninst.exe
2011-07-08 14:33 . 2011-07-08 14:33 1521079 ----a-w- c:\windows\v_310_ss2.scr
2011-07-08 14:32 . 2011-07-08 14:32 503892 ----a-w- c:\windows\v_310_ss1Uninst.exe
2011-07-08 14:31 . 2011-07-08 14:31 503892 ----a-w- c:\windows\v_294_ss2Uninst.exe
2011-07-08 14:31 . 2011-07-08 14:31 1381093 ----a-w- c:\windows\v_294_ss2.scr
2011-07-08 14:31 . 2011-07-08 14:31 503892 ----a-w- c:\windows\v_294_ss1Uninst.exe
2011-07-08 14:31 . 2011-07-08 14:31 1136767 ----a-w- c:\windows\v_294_ss1.scr
2011-07-08 14:30 . 2011-07-08 14:30 503891 ----a-w- c:\windows\v_287_ss2Uninst.exe
2011-07-08 14:30 . 2011-07-08 14:30 1714122 ----a-w- c:\windows\v_287_ss2.scr
2011-07-08 14:29 . 2011-07-08 14:29 503892 ----a-w- c:\windows\v_287_ss1Uninst.exe
2011-07-08 14:29 . 2011-07-08 14:29 1170379 ----a-w- c:\windows\v_287_ss1.scr
2011-07-08 14:26 . 2011-07-08 14:26 -------- d-----w- c:\windows\system32\v_273_ss2 dir
2011-07-08 14:23 . 2011-07-08 14:26 203264 ----a-w- c:\windows\system32\v_273_ss2.scr
2011-07-08 14:22 . 2011-07-08 14:23 -------- d-----w- c:\windows\system32\v_273_ss1 dir
2011-07-08 14:22 . 2011-07-08 14:22 203264 ----a-w- c:\windows\system32\v_273_ss1.scr
2011-07-08 14:19 . 2011-07-08 14:19 -------- d-----w- c:\windows\system32\v_239_ss1 dir
2011-07-08 14:19 . 2011-07-08 14:19 201728 ----a-w- c:\windows\system32\v_239_ss1.scr
2011-07-08 14:17 . 2011-07-08 14:18 4727391 ----a-w- c:\windows\WPB603_ŽΡˆ»3.exe
2011-07-08 14:17 . 2011-07-08 14:18 467536 ----a-w- c:\windows\WPB603_ŽΡˆ»3.scr
2011-07-08 14:17 . 2011-07-08 14:18 5338153 ----a-w- c:\windows\WPB603_ŽΡˆ»2.exe
2011-07-08 14:17 . 2011-07-08 14:18 467536 ----a-w- c:\windows\WPB603_ŽΡˆ»2.scr
2011-07-08 14:15 . 2011-07-08 14:17 4788965 ----a-w- c:\windows\WPB603_ŽΡˆ»1.exe
2011-07-08 14:15 . 2011-07-08 14:18 29696 ----a-w- c:\windows\mickey32.dll
2011-07-08 14:15 . 2011-07-08 14:17 467536 ----a-w- c:\windows\WPB603_ŽΡˆ»1.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-23 17:50 . 2011-07-23 17:49 181557 ----a-w- C:\MGlogs.zip
2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_ŽΡˆ»3.scr
2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_ŽΡˆ»2.scr
2011-07-08 14:57 . 2011-07-08 14:57 532480 ----a-w- c:\windows\system32\WPB1003_ŽΡˆ»1.scr
2011-07-08 14:36 . 2011-07-08 14:36 532480 ----a-w- c:\windows\system32\WPB810_ŽΡˆ»2.scr
2011-07-08 14:35 . 2011-07-08 14:35 532480 ----a-w- c:\windows\system32\WPB810_ŽΡˆ»1.scr
2011-07-08 14:18 . 2011-07-08 14:17 4727391 ----a-w- c:\windows\WPB603_ŽΡˆ»3.exe
2011-07-08 14:18 . 2011-07-08 14:17 467536 ----a-w- c:\windows\WPB603_ŽΡˆ»3.scr
2011-07-08 14:18 . 2011-07-08 14:17 5338153 ----a-w- c:\windows\WPB603_ŽΡˆ»2.exe
2011-07-08 14:18 . 2011-07-08 14:17 467536 ----a-w- c:\windows\WPB603_ŽΡˆ»2.scr
2011-07-08 14:17 . 2011-07-08 14:15 4788965 ----a-w- c:\windows\WPB603_ŽΡˆ»1.exe
2011-07-08 14:17 . 2011-07-08 14:15 467536 ----a-w- c:\windows\WPB603_ŽΡˆ»1.scr
2011-06-06 19:55 . 2011-06-06 19:55 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2011-06-06 19:55 . 2011-06-06 19:55 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2011-06-06 00:58 . 2011-06-06 00:58 53248 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-06-06 00:57 . 2011-06-06 00:57 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-06-02 14:02 . 2004-08-04 05:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-10 12:06 . 2009-06-02 13:09 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06 . 2008-11-24 08:17 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-04 08:52 . 2010-09-23 01:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2009-08-21 22:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2004-08-04 05:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-06-29 . 02E2754D3E566C11A4934825920C47DD . 634632 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe
[7] 2009-04-25 . 092A7F2B49A19ECCE5369D3CB2276148 . 636088 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\iexplore.exe
[7] 2009-04-25 . C0503FD8D163652735C1EE900672A75C . 636088 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[7] 2009-02-28 . A251068640DDB69FD7805B57D89D7FF7 . 636072 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe
[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe
[7] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
[7] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2GDR\iexplore.exe
[7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
[7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2QFE\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB953838-IE7\iexplore.exe
[7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe" [2011-05-28 512400]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-06-06 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-06-06 2903448]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"EvtMgr6"="c:\program files\Logi\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"TkBellExe1"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-19 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-19 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-07-06 3788704]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2011-07-06 2130840]
.
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Configuration Utility HW.51.lnk - c:\program files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-14 454656]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRealMode"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^setup_9.0.0.722_20.08.2010_21-52.lnk]
backup=c:\windows\pss\setup_9.0.0.722_20.08.2010_21-52.lnkStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Widgets\\YahooWidgets.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\real\\RealUpgrade\\realupgrade.exe"=
"c:\\Program Files\\IObit\\Advanced SystemCare 4\\AutoUpdate.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\IObit\\Password Folder\\PasswordFolder.exe"=
"c:\\Program Files\\VideoStream\\VideoStream.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\msfeedssync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\IObit\\Smart Defrag 2\\SmartDefrag.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware2\\mbam.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\adma\\MDownloader\\MDownloader.Updater.exe"=
"c:\\Program Files\\adma\\MDownloader\\MDownloader.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\IObit\\Game Booster\\GameBooster.exe"=
"c:\\Program Files\\Adobe\\Acrobat 10.0\\Acrobat\\acrotray.exe"=
"c:\\Program Files\\Adobe\\Acrobat 10.0\\Acrobat\\Acrobat.exe"=
"c:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\core\\PDapp.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\IObit\\Game Booster\\AutoUpdate.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5010:UDP"= 5010:UDP:emule udp
"110:TCP"= 110:TCP:BT
"110:UDP"= 110:UDP:BT1
"5000:TCP"= 5000:TCP:emule tcp
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [x]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 351232]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 13112]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2010-01-29 24416]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]
R3 WipeFile;WipeFile;c:\windows\system32\DRIVERS\WipeFile.sys [2007-03-03 57472]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 13496]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-19 717296]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [2011-07-06 38504]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-08-24 10448]
S2 PfFilter;PfFilter;c:\program files\IObit\Password Folder\pffilter.sys [2011-01-12 163648]
S2 SDHookService;Spybot-S&D 2 Hooks Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-07-06 130976]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-07-06 1060272]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-07-06 909224]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-03-12 30576]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-07-28 c:\windows\Tasks\ASC4_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-05-11 18:46]
.
2011-07-30 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-05-11 18:46]
.
2011-07-30 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-07-27 15:21]
.
2011-07-25 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster\AutoUpdate.exe [2011-03-31 23:07]
.
2011-07-30 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\GameBox.exe [2011-07-15 23:08]
.
2011-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2637110039-1654121908-4178984955-1009Core.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 05:30]
.
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2637110039-1654121908-4178984955-1009UA.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 05:30]
.
2011-07-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-07-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2637110039-1654121908-4178984955-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-07-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2637110039-1654121908-4178984955-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-07-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-07-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2637110039-1654121908-4178984955-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-07-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2637110039-1654121908-4178984955-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-07-30 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2011-07-27 15:20]
.
2011-07-30 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2011-07-27 15:21]
.
2011-07-25 c:\windows\Tasks\SmartDefrag_Schedule.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-31 22:19]
.
2011-07-30 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-31 22:19]
.
2011-07-30 c:\windows\Tasks\User_Feed_Synchronization-{D4801835-F956-4975-AEF8-0E5592BA2263}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Eclipse: {12bc3590-67a6-11de-8a39-0800200c9a66} - %profile%\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Slickerfox: {359faf50-e061-11dd-ad8b-0800200c9a66} - %profile%\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
FF - Ext: Oskar: {5b175400-2368-11de-8c30-0800200c9a66} - %profile%\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
FF - Ext: FennecFox: {989e9382-d540-4189-88d1-fc54a949a387} - %profile%\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
FF - Ext: Gradient iBlu: {bf70ba50-e70d-11dd-ba2f-0800200c9a66} - %profile%\extensions\{bf70ba50-e70d-11dd-ba2f-0800200c9a66}
FF - Ext: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - %profile%\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
FF - Ext: Black Steel: {e2c58150-9d72-11dd-ad8b-0800200c9a66} - %profile%\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: PC Sync 2 Synchronisation Extension: [email protected] - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Adobe Acrobat - Create PDF: [email protected] - c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101045100&s=);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-30 11:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,b8,13,18,95,fa,b5,43,8a,e8,b5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,93,b8,13,18,95,fa,b5,43,8a,e8,b5,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\SUPER *]
"DisplayName"="SUPER ?Version 2009.bld.36 (June 10, 2009)"
"UninstallString"="c:\\PROGRA~1\\ERIGHT~1\\SUPER\\Setup.exe /remove /q0"
"InstallDate"="2009-06-22 20:22"
"InstallLocation"="c:\\Program Files\\eRightSoft\\SUPER"
"InstallSource"="c:\\Documents and Settings\\Compaq_Owner\\Desktop"
"DisplayIcon"="c:\\Program Files\\eRightSoft\\SUPER\\SUPER.exe"
"DisplayVersion"="Version 2009.bld.36 (June 10, 2009)"
"VersionMajor"=dword:00000000
"VersionMinor"=dword:00000000
"Publisher"="eRightSoft"
"HelpLink"="http://www.eRightSoft.com"
"URLInfoAbout"="http://www.eRightSoft.com"
"URLUpdateInfo"="http://www.eRightSoft.com"
"Contact"="[email protected]"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\l3codeca.acm
c:\windows\system32\ac3filter.acm
c:\program files\Spybot - Search & Destroy 2\SDHook32.dll
.
- - - - - - - > 'lsass.exe'(800)
c:\program files\Spybot - Search & Destroy 2\SDHook32.dll
.
- - - - - - - > 'explorer.exe'(1640)
c:\windows\system32\WININET.dll
c:\program files\Spybot - Search & Destroy 2\SDHook32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\sm56hlpr.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\hp\KBD\KBD.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2011-07-30 11:54:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-30 15:54
ComboFix2.txt 2011-07-30 00:06
ComboFix3.txt 2011-07-21 20:44
ComboFix4.txt 2010-08-21 07:51
.
Pre-Run: 2,756,956,160 bytes free
Post-Run: 2,680,639,488 bytes free
.
- - End Of File - - 9229CA34F073B7E9E421F8AA3F398724

#22
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

Let's not install any updates right now or make any changes, because it may hinder the cleaning process; we will remove all seen malware first, then fix any remaining problems one at a time. :)

Please try to run OTL now in normal mode and post the log for my review.

#23
nycmon

    Member

  • Topic Starter
  • Member
  • 29 posts
OK sounds good! I was able to run OTL without any problems! Here is the log.
Thank you!
OTL logfile created on: 7/30/2011 1:34:36 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 62.32% Memory free
3.74 Gb Paging File | 3.17 Gb Available in Paging File | 84.76% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.52 Gb Total Space | 2.54 Gb Free Space | 1.79% Space Free | Partition Type: NTFS
Drive D: | 6.52 Gb Total Space | 0.42 Gb Free Space | 6.44% Space Free | Partition Type: NTFS
Drive F: | 279.47 Gb Total Space | 2.82 Gb Free Space | 1.01% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/26 11:11:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2011/07/06 11:21:26 | 003,788,704 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011/07/06 11:21:10 | 002,341,288 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
PRC - [2011/07/06 11:20:48 | 002,384,296 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
PRC - [2011/07/06 11:20:24 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011/07/06 11:19:58 | 000,909,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011/07/06 11:19:56 | 001,060,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011/06/06 15:55:32 | 002,903,448 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/05/28 14:47:02 | 000,512,400 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe
PRC - [2011/05/28 14:46:56 | 000,803,728 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/03/10 18:19:32 | 001,642,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2010/11/12 19:08:04 | 000,398,680 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\GameBox.exe
PRC - [2010/11/09 16:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 19:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logi\SetPointP\SetPoint.exe
PRC - [2010/08/19 03:06:29 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/05/21 00:01:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:01:26 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 20:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2007/04/16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/01/23 22:56:00 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2004/12/14 19:53:38 | 000,454,656 | ---- | M] () -- C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe


========== Modules (SafeList) ==========

MOD - [2011/07/26 11:11:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
MOD - [2011/07/06 11:20:08 | 000,280,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDHook32.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/19 03:11:02 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2008/04/13 20:11:51 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\credui.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ose)
SRV - File not found [Disabled | Stopped] -- -- (odserv)
SRV - File not found [Auto | Stopped] -- -- (Ati HotKey Poller)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/13 17:43:32 | 000,062,928 | R--- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/07/06 11:20:24 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
SRV - [2011/07/06 11:19:58 | 000,909,224 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2011/07/06 11:19:56 | 001,060,272 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
SRV - [2011/05/28 14:46:56 | 000,351,232 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/10/28 06:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/12 18:41:16 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/07/06 11:20:10 | 000,038,504 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys -- (SDHookDriver)
DRV - [2011/02/23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/01/12 13:50:50 | 000,163,648 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files\IObit\Password Folder\pffilter.sys -- (PfFilter)
DRV - [2010/08/24 13:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 13:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 13:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/24 13:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/06/03 11:07:18 | 000,013,112 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jumi.sys -- (jumi)
DRV - [2010/03/12 18:41:16 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/02/11 03:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/01/28 22:13:50 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2009/03/25 14:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/12/18 23:19:52 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2007/03/03 19:20:44 | 000,057,472 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WipeFile.sys -- (WipeFile)
DRV - [2005/07/03 20:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/04/14 17:12:12 | 000,175,616 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 10:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/25 02:56:00 | 000,923,863 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/12/24 02:43:38 | 000,253,440 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mrv8000c.sys -- (W8335XP)
DRV - [2004/08/04 08:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/07/17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.732
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {989e9382-d540-4189-88d1-fc54a949a387}:0.8.7
FF - prefs.js..extensions.enabledItems: {359faf50-e061-11dd-ad8b-0800200c9a66}:2.2.1
FF - prefs.js..extensions.enabledItems: {12bc3590-67a6-11de-8a39-0800200c9a66}:3.6
FF - prefs.js..extensions.enabledItems: {bf70ba50-e70d-11dd-ba2f-0800200c9a66}:1.0.9
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..keyword.URL: "http://search.search...10101045100&s="
FF - prefs.js..network.proxy.autoconfig_url: "http://rosinstrument...-bin/proxy.pac"
FF - prefs.js..network.proxy.type: 4

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search...ernal.dnupdate", false);

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/19 03:11:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/09/02 20:04:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/06/24 09:58:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/25 00:25:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/25 00:25:21 | 000,000,000 | ---D | M]

[2009/08/21 18:40:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2009/08/21 18:40:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions\[email protected]
[2011/07/19 09:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions
[2010/04/01 10:21:26 | 000,000,000 | ---D | M] (Eclipse) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}
[2010/09/27 19:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/27 01:58:39 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/07/26 09:47:09 | 000,000,000 | ---D | M] (Slickerfox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
[2010/10/26 15:44:59 | 000,000,000 | ---D | M] (Oskar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2010/04/01 10:19:17 | 000,000,000 | ---D | M] (FennecFox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
[2010/10/26 15:39:15 | 000,000,000 | ---D | M] (Gradient iBlu) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{bf70ba50-e70d-11dd-ba2f-0800200c9a66}
[2010/10/26 15:46:48 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2010/09/20 11:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/04/01 10:18:16 | 000,000,000 | ---D | M] (Black Steel) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010/04/01 10:21:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\[email protected]
[2010/10/26 15:22:07 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\[email protected]
[2010/04/01 10:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
[2010/04/01 10:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/04/01 10:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
[2010/04/01 10:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\extensions\{12bc3590-67a6-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
[2011/04/18 12:32:07 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\searchplugins\bing-zugo.xml
[2009/12/12 16:31:02 | 000,005,407 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0gma2n4r.default\searchplugins\fast-browser-search.xml
[2011/07/29 19:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/21 21:00:05 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/22 21:28:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/27 23:57:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/15 11:50:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/08/03 13:07:37 | 000,000,000 | ---D | M] (Kaspersky Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/07/30 11:47:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logi\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TkBellExe1] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe (IObit)
O4 - HKCU..\Run: [SUPERAntiSpyware] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...1/uploader2.cab (UploadListView Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1151823870390 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/24 18:32:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SmartDefragBootTime.exe) - C:\WINDOWS\System32\SmartDefragBootTime.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/30 12:01:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/30 11:55:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/29 13:33:58 | 004,157,735 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2011/07/28 14:42:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/27 09:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Sonic
[2011/07/26 22:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SbS&D2
[2011/07/26 22:11:13 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2011/07/26 22:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011/07/26 11:11:57 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/07/25 18:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/07/25 00:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/07/25 00:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/25 00:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/25 00:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/25 00:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/07/25 00:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/25 00:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/24 16:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2011/07/23 13:49:41 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/07/22 17:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
[2011/07/21 09:43:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/21 09:40:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/21 09:40:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/21 09:40:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/21 09:40:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/21 09:40:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/21 09:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/07/21 01:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/21 00:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware1
[2011/07/20 22:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\ACW
[2011/07/20 10:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/19 19:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\QuickScan
[2011/07/19 12:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\GetRightToGo
[2011/07/19 11:27:49 | 000,638,976 | ---- | C] (ESET) -- C:\Documents and Settings\Compaq_Owner\My Documents\ESETUninstaller.exe
[2011/07/19 10:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/07/19 10:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/07/18 13:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
[2011/07/18 12:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\RoboForm
[2011/07/15 11:50:02 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/15 11:50:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/15 11:50:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/14 21:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Booster
[2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/07/08 10:57:57 | 000,532,480 | ---- | C] (FIVESTAR interactive) -- C:\WINDOWS\System32\WPB1003_ŽΡˆ»3.scr
[2011/07/08 10:57:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WPB1003_ŽΡˆ»3 dir
[2011/07/08 10:57:29 | 000,532,480 | ---- | C] (FIVESTAR interactive) -- C:\WINDOWS\System32\WPB1003_ŽΡˆ»2.scr
[2011/07/08 10:57:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WPB1003_ŽΡˆ»2 dir
[2011/07/08 10:57:12 | 000,532,480 | ---- | C] (FIVESTAR interactive) -- C:\WINDOWS\System32\WPB1003_ŽΡˆ»1.scr
[2011/07/08 10:57:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WPB1003_ŽΡˆ»1 dir
[2011/07/08 10:51:35 | 000,203,264 | ---- | C] (FIVESTAR interactive) -- C:\WINDOWS\System32\v_269_ss2.scr
[2011/07/08 10:51:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\v_269_ss2 dir
[2011/07/08 10:51:15 | 000,203,264 | ---- | C] (FIVESTAR interactive) -- C:\WINDOWS\System32\v_269_ss1.scr
[2011/07/08 10:51:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\v_269_ss1 dir
[2011/07/08 10:44:16 | 000,503,892 | ---- | C] (SERIALGAMES Inc.) -- C:\WINDOWS\v_322_ss2Uninst.exe
[2011/07/08 10:43:55 | 000,503,892 | ---- | C] (SERIALGAMES Inc.) -- C:\WINDOWS\v_322_ss1Uninst.exe
[2011/07/08 10:43:16 | 000,503,892 | ---- | C] (SERIALGAMES Inc.) -- C:\WINDOWS\v_360_ss2Uninst.exe
[2011/07/08 10:42:59 | 000,503,892 | ---- | C] (SERIALGAMES Inc.) -- C:\WINDOWS\v_360_ss1Uninst.exe
[2011/07/08 10:36:13 | 000,532,480 | ---- | C] (FIVESTAR interactive) -- C:\WINDOWS\System32\WPB810_3.scr
[2011/07/08 10:36:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WPB810_3 dir
[2011/07/08 10:36:01 | 000,532,480 | ---- | C] (FIVESTAR interactive) -- C:\WINDOWS\System32\WPB810_ŽΡˆ»2.scr
[2011/07/08 10:36:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WPB810_ŽΡˆ»2 dir
[2011/07/08 10:35:48 | 000,532,480 | ---- | C] (FIVESTAR interactive) -- C:\WINDOWS\System32\WPB810_ŽΡˆ»1.scr
[2011/07/08 10:35:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WPB810_ŽΡˆ»1 dir
[2011/07/08 10:33:16 | 000,503,892 | ---- | C] (SERIALGAMES Inc.) -- C:\WINDOWS\v_310_ss2Uninst.exe
[2011/07/08 10:32:53 | 000,503,892 | ---- | C] (SERIALGAMES Inc.) -- C:\WINDOWS\v_310_ss1Uninst.exe
[2011/07/08 10:31:54 | 000,503,892 | ---- | C] (SERIALGAMES Inc.) -- C:\WINDOWS\v_294_ss2Uninst.exe
[2011/07/08 10:31:36 | 000,503,892 | ---- | C] (SERIALGAMES Inc.) -- C:\WINDOWS\v_294_ss1Uninst.exe
[2011/07/08 10:30:18 | 000,503,891 | ---- | C] (SERIALGAMES Inc.) -- C:\WINDOWS\v_287_ss2Uninst.exe
[2011/07/08 10:29:54 | 000,503,892 | ---- | C] (SERIALGAMES Inc.) -- C:\WINDOWS\v_287_ss1Uninst.exe
[2011/07/08 10:26:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\v_273_ss2 dir
[2011/07/08 10:23:13 | 000,203,264 | ---- | C] (FIVESTAR interactive) -- C:\WINDOWS\System32\v_273_ss2.scr
[2011/07/08 10:22:45 | 000,203,264 | ---- | C] (FIVESTAR interactive) -- C:\WINDOWS\System32\v_273_ss1.scr
[2011/07/08 10:22:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\v_273_ss1 dir
[2011/07/08 10:19:55 | 000,201,728 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\v_239_ss1.scr
[2011/07/08 10:19:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\v_239_ss1 dir
[2011/07/08 10:17:14 | 005,338,153 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\WPB603_ŽΡˆ»2.exe
[2011/07/08 10:17:14 | 004,727,391 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\WPB603_ŽΡˆ»3.exe
[2011/07/08 10:17:14 | 000,467,536 | ---- | C] (MacSourcery) -- C:\WINDOWS\WPB603_ŽΡˆ»3.scr
[2011/07/08 10:17:14 | 000,467,536 | ---- | C] (MacSourcery) -- C:\WINDOWS\WPB603_ŽΡˆ»2.scr
[2011/07/08 10:15:43 | 004,788,965 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\WPB603_ŽΡˆ»1.exe
[2011/07/08 10:15:42 | 000,467,536 | ---- | C] (MacSourcery) -- C:\WINDOWS\WPB603_ŽΡˆ»1.scr
[2011/07/08 10:15:42 | 000,029,696 | ---- | C] (MacSourcery) -- C:\WINDOWS\mickey32.dll
[2011/07/07 19:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Oblivion

========== Files - Modified Within 30 Days ==========

[2011/07/30 13:36:21 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D4801835-F956-4975-AEF8-0E5592BA2263}.job
[2011/07/30 13:21:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/07/30 12:45:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2637110039-1654121908-4178984955-1009UA.job
[2011/07/30 11:49:46 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/07/30 11:48:51 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2637110039-1654121908-4178984955-1009.job
[2011/07/30 11:48:42 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2637110039-1654121908-4178984955-1009.job
[2011/07/30 11:47:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/30 11:47:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/07/30 11:47:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011/07/30 11:46:59 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/07/30 11:46:59 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/07/30 11:46:59 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/07/30 11:46:59 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2637110039-1654121908-4178984955-1010.job
[2011/07/30 11:46:47 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/07/30 11:46:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/30 11:46:38 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/30 11:19:18 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/30 00:24:19 | 984,002,890 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\[gg]_Break_Blade_-_6_(720p)_[CE2109D6].mkv
[2011/07/30 00:14:57 | 396,186,631 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\[UTW]_Appleseed_XIII_-_01_[h264-720p][20DC02D3].mkv
[2011/07/29 23:50:35 | 302,457,449 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\[WhyNot] Mayo Chiki - 04 [E42FD76D].mkv
[2011/07/29 23:22:08 | 000,000,298 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/07/29 19:27:44 | 004,157,735 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2011/07/29 10:11:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2637110039-1654121908-4178984955-1010.job
[2011/07/28 22:21:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/28 17:00:01 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_AutoUpdate.job
[2011/07/28 15:45:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2637110039-1654121908-4178984955-1009Core.job
[2011/07/27 01:39:19 | 000,435,348 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110727-014402.backup
[2011/07/26 22:11:19 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011/07/26 11:11:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/07/26 11:11:20 | 000,258,560 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\OTH.scr
[2011/07/25 03:00:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Schedule.job
[2011/07/25 02:30:01 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job
[2011/07/25 00:26:51 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/25 00:25:11 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/07/24 16:48:09 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/07/24 16:48:09 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2011/07/24 16:03:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/07/24 00:23:16 | 000,000,438 | RHS- | M] () -- C:\boot.ini
[2011/07/23 13:50:56 | 000,181,557 | ---- | M] () -- C:\MGlogs.zip
[2011/07/22 17:36:05 | 002,419,140 | ---- | M] () -- C:\MGtools.exe
[2011/07/22 17:35:38 | 000,465,298 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\RootRepeal.rar
[2011/07/21 17:33:44 | 001,008,041 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\rkill.scr
[2011/07/21 16:41:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110727-013919.backup
[2011/07/21 00:37:58 | 000,579,584 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.scr
[2011/07/21 00:31:32 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Win32kDiag.exe
[2011/07/20 22:27:20 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Internet Explorer Troubleshooting.url
[2011/07/20 13:39:14 | 000,001,068 | -HS- | M] () -- C:\WINDOWS\0326178drv.spi
[2011/07/20 02:32:12 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\housecall.guid.cache
[2011/07/19 12:18:00 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys
[2011/07/19 11:27:50 | 000,638,976 | ---- | M] (ESET) -- C:\Documents and Settings\Compaq_Owner\My Documents\ESETUninstaller.exe
[2011/07/18 11:34:04 | 000,147,644 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\mv44-mom.pdf
[2011/07/14 21:04:57 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2011/07/14 21:03:56 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk
[2011/07/14 15:20:52 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 18:57:22 | 049,089,992 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2011/07/13 18:53:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/07/11 00:11:08 | 000,001,209 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Show Desktop.lnk
[2011/07/10 20:21:28 | 000,000,005 | ---- | M] () -- C:\WINDOWS\treeskp.sys
[2011/07/10 20:21:28 | 000,000,005 | ---- | M] () -- C:\WINDOWS\sbacknt.bin
[2011/07/08 10:57:57 | 000,532,480 | ---- | M] (FIVESTAR interactive) -- C:\WINDOWS\System32\WPB1003_ŽΡˆ»3.scr
[2011/07/08 10:57:29 | 000,532,480 | ---- | M] (FIVESTAR interactive) -- C:\WINDOWS\System32\WPB1003_ŽΡˆ»2.scr
[2011/07/08 10:57:12 | 000,532,480 | ---- | M] (FIVESTAR interactive) -- C:\WINDOWS\System32\WPB1003_ŽΡˆ»1.scr
[2011/07/08 10:51:35 | 000,203,264 | ---- | M] (FIVESTAR interactive) -- C:\WINDOWS\System32\v_269_ss2.scr
[2011/07/08 10:51:15 | 000,203,264 | ---- | M] (FIVESTAR interactive) -- C:\WINDOWS\System32\v_269_ss1.scr
[2011/07/08 10:44:16 | 001,308,501 | ---- | M] () -- C:\WINDOWS\v_322_ss2.scr
[2011/07/08 10:44:16 | 000,503,892 | ---- | M] (SERIALGAMES Inc.) -- C:\WINDOWS\v_322_ss2Uninst.exe
[2011/07/08 10:43:55 | 001,118,130 | ---- | M] () -- C:\WINDOWS\v_322_ss1.scr
[2011/07/08 10:43:55 | 000,503,892 | ---- | M] (SERIALGAMES Inc.) -- C:\WINDOWS\v_322_ss1Uninst.exe
[2011/07/08 10:43:16 | 001,422,643 | ---- | M] () -- C:\WINDOWS\v_360_ss2.scr
[2011/07/08 10:43:16 | 000,503,892 | ---- | M] (SERIALGAMES Inc.) -- C:\WINDOWS\v_360_ss2Uninst.exe
[2011/07/08 10:42:59 | 001,199,595 | ---- | M] () -- C:\WINDOWS\v_360_ss1.scr
[2011/07/08 10:42:59 | 000,503,892 | ---- | M] (SERIALGAMES Inc.) -- C:\WINDOWS\v_360_ss1Uninst.exe
[2011/07/08 10:36:13 | 000,532,480 | ---- | M] (FIVESTAR interactive) -- C:\WINDOWS\System32\WPB810_3.scr
[2011/07/08 10:36:01 | 000,532,480 | ---- | M] (FIVESTAR interactive) -- C:\WINDOWS\System32\WPB810_ŽΡˆ»2.scr
[2011/07/08 10:35:48 | 000,532,480 | ---- | M] (FIVESTAR interactive) -- C:\WINDOWS\System32\WPB810_ŽΡˆ»1.scr
[2011/07/08 10:33:16 | 001,521,079 | ---- | M] () -- C:\WINDOWS\v_310_ss2.scr
[2011/07/08 10:33:16 | 000,503,892 | ---- | M] (SERIALGAMES Inc.) -- C:\WINDOWS\v_310_ss2Uninst.exe
[2011/07/08 10:32:53 | 000,503,892 | ---- | M] (SERIALGAMES Inc.) -- C:\WINDOWS\v_310_ss1Uninst.exe
[2011/07/08 10:31:54 | 001,381,093 | ---- | M] () -- C:\WINDOWS\v_294_ss2.scr
[2011/07/08 10:31:54 | 000,503,892 | ---- | M] (SERIALGAMES Inc.) -- C:\WINDOWS\v_294_ss2Uninst.exe
[2011/07/08 10:31:36 | 001,136,767 | ---- | M] () -- C:\WINDOWS\v_294_ss1.scr
[2011/07/08 10:31:36 | 000,503,892 | ---- | M] (SERIALGAMES Inc.) -- C:\WINDOWS\v_294_ss1Uninst.exe
[2011/07/08 10:30:18 | 001,714,122 | ---- | M] () -- C:\WINDOWS\v_287_ss2.scr
[2011/07/08 10:30:18 | 000,503,891 | ---- | M] (SERIALGAMES Inc.) -- C:\WINDOWS\v_287_ss2Uninst.exe
[2011/07/08 10:29:54 | 001,170,379 | ---- | M] () -- C:\WINDOWS\v_287_ss1.scr
[2011/07/08 10:29:54 | 000,503,892 | ---- | M] (SERIALGAMES Inc.) -- C:\WINDOWS\v_287_ss1Uninst.exe
[2011/07/08 10:26:03 | 000,203,264 | ---- | M] (FIVESTAR interactive) -- C:\WINDOWS\System32\v_273_ss2.scr
[2011/07/08 10:22:45 | 000,203,264 | ---- | M] (FIVESTAR interactive) -- C:\WINDOWS\System32\v_273_ss1.scr
[2011/07/08 10:19:55 | 000,201,728 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\v_239_ss1.scr
[2011/07/08 10:18:19 | 004,727,391 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\WPB603_ŽΡˆ»3.exe
[2011/07/08 10:18:19 | 000,467,536 | ---- | M] (MacSourcery) -- C:\WINDOWS\WPB603_ŽΡˆ»3.scr
[2011/07/08 10:18:19 | 000,029,696 | ---- | M] (MacSourcery) -- C:\WINDOWS\mickey32.dll
[2011/07/08 10:18:05 | 005,338,153 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\WPB603_ŽΡˆ»2.exe
[2011/07/08 10:18:05 | 000,467,536 | ---- | M] (MacSourcery) -- C:\WINDOWS\WPB603_ŽΡˆ»2.scr
[2011/07/08 10:17:57 | 004,788,965 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\WPB603_ŽΡˆ»1.exe
[2011/07/08 10:17:57 | 000,467,536 | ---- | M] (MacSourcery) -- C:\WINDOWS\WPB603_ŽΡˆ»1.scr

========== Files Created - No Company Name ==========

[2011/07/29 23:50:35 | 396,186,631 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\[UTW]_Appleseed_XIII_-_01_[h264-720p][20DC02D3].mkv
[2011/07/29 23:28:40 | 984,002,890 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\[gg]_Break_Blade_-_6_(720p)_[CE2109D6].mkv
[2011/07/29 23:28:40 | 302,457,449 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\[WhyNot] Mayo Chiki - 04 [E42FD76D].mkv
[2011/07/29 20:19:32 | 2078,855,168 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/26 22:33:51 | 000,000,366 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/07/26 22:33:50 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/07/26 22:33:49 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/07/26 22:11:19 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2011/07/26 22:11:19 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2011/07/25 00:26:51 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/25 00:25:11 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/07/24 16:48:09 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/07/24 16:48:09 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2011/07/23 13:49:43 | 000,181,557 | ---- | C] () -- C:\MGlogs.zip
[2011/07/23 11:42:18 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2011/07/22 17:37:14 | 002,419,140 | ---- | C] () -- C:\MGtools.exe
[2011/07/22 17:35:43 | 000,465,298 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\RootRepeal.rar
[2011/07/22 10:11:17 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2637110039-1654121908-4178984955-1010.job
[2011/07/22 10:11:16 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2637110039-1654121908-4178984955-1010.job
[2011/07/21 17:33:46 | 001,008,041 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\rkill.scr
[2011/07/21 17:22:58 | 000,258,560 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\OTH.scr
[2011/07/21 09:44:01 | 000,000,392 | ---- | C] () -- C:\Boot.bak
[2011/07/21 09:40:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/21 09:40:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/21 09:40:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/21 09:40:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/21 09:40:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/21 00:38:02 | 000,579,584 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.scr
[2011/07/21 00:31:43 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Win32kDiag.exe
[2011/07/20 22:27:20 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Internet Explorer Troubleshooting.url
[2011/07/20 13:35:29 | 000,001,068 | -HS- | C] () -- C:\WINDOWS\0326178drv.spi
[2011/07/20 02:32:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\housecall.guid.cache
[2011/07/19 12:18:00 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2011/07/18 11:21:11 | 000,147,644 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\mv44-mom.pdf
[2011/07/14 21:24:17 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job
[2011/07/14 21:04:57 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2011/07/14 21:03:56 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk
[2011/07/11 00:11:08 | 000,001,209 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Show Desktop.lnk
[2011/07/08 10:44:16 | 001,308,501 | ---- | C] () -- C:\WINDOWS\v_322_ss2.scr
[2011/07/08 10:43:55 | 001,118,130 | ---- | C] () -- C:\WINDOWS\v_322_ss1.scr
[2011/07/08 10:43:16 | 001,422,643 | ---- | C] () -- C:\WINDOWS\v_360_ss2.scr
[2011/07/08 10:42:59 | 001,199,595 | ---- | C] () -- C:\WINDOWS\v_360_ss1.scr
[2011/07/08 10:33:16 | 001,521,079 | ---- | C] () -- C:\WINDOWS\v_310_ss2.scr
[2011/07/08 10:31:54 | 001,381,093 | ---- | C] () -- C:\WINDOWS\v_294_ss2.scr
[2011/07/08 10:31:36 | 001,136,767 | ---- | C] () -- C:\WINDOWS\v_294_ss1.scr
[2011/07/08 10:30:18 | 001,714,122 | ---- | C] () -- C:\WINDOWS\v_287_ss2.scr
[2011/07/08 10:29:54 | 001,170,379 | ---- | C] () -- C:\WINDOWS\v_287_ss1.scr
[2011/03/31 10:05:29 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/03/31 10:05:29 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/03/29 10:46:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/03/29 10:45:20 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/03/21 19:56:22 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/02/06 18:35:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/02/06 18:32:44 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/02/04 22:53:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2011/02/04 15:14:31 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2011/01/16 00:42:01 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\MyPhrases.dta
[2010/11/03 10:51:48 | 000,811,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/28 11:05:30 | 000,000,005 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2010/10/28 11:05:30 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2010/10/02 19:38:31 | 000,018,432 | ---- | C] () -- C:\WINDOWS\ss3unstl.exe
[2010/09/02 18:35:49 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\bdfvconp.ini
[2010/07/31 18:00:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\osAviSplitter.INI
[2010/07/28 22:30:52 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/26 14:13:28 | 000,794,906 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2010/06/26 14:13:28 | 000,004,199 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010/04/21 21:01:40 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/11 00:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/11 00:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/01/29 11:36:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\prvlcl.dat
[2010/01/04 13:51:28 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/12/22 21:44:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/18 01:30:18 | 000,000,070 | ---- | C] () -- C:\WINDOWS\mmpoly.ini
[2009/11/08 20:25:00 | 000,075,352 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/29 21:16:33 | 000,000,212 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2009/01/07 21:54:56 | 000,002,254 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/01/01 17:08:19 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008/12/02 09:59:16 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/12/02 09:59:16 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008/12/02 09:59:16 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008/12/02 09:59:16 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008/12/02 09:59:16 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/11/09 01:04:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/13 15:50:16 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/21 17:14:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2007/03/03 19:20:44 | 000,057,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\WipeFile.sys
[2006/07/02 03:03:47 | 049,089,992 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2006/07/01 18:15:58 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2006/05/30 23:16:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/04 17:51:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/09 22:19:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/09 21:56:28 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2005/11/09 21:55:28 | 000,012,967 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/09 21:55:23 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/09 21:50:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/09 21:46:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/09 21:46:36 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/09 21:46:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/09 21:46:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/09 21:46:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/09 21:46:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/09 21:41:58 | 000,000,298 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/09 21:38:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/09 21:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005/11/09 21:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005/11/09 21:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/11/09 21:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005/11/09 21:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005/11/09 21:36:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2005/11/09 21:36:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005/11/09 21:36:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005/11/09 21:36:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005/11/09 21:35:15 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/11/09 21:34:53 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/11/09 21:26:22 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/09 21:22:43 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/07/07 09:07:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/24 19:29:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/06/24 18:43:44 | 000,445,700 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/06/24 18:43:44 | 000,072,780 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/06/24 18:42:06 | 000,327,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/06/24 18:31:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/06/24 18:30:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/06/18 11:00:52 | 000,070,018 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 01:00:00 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\netbt.sys
[2004/08/04 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/15 18:38:02 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/11/05 11:45:12 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\bb-run.sys
[2001/08/23 12:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 12:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== Files - Unicode (All) ==========
[2011/07/07 13:37:13 | 000,002,581 | ---- | M] ()(C:\Documents and Settings\Compaq_Owner\Desktop\__ ?????? __ The Grace Korean Presbyterian Church.lnk) -- C:\Documents and Settings\Compaq_Owner\Desktop\__ 뉴욕한민교회 __ The Grace Korean Presbyterian Church.lnk
[2011/03/03 19:05:51 | 000,002,581 | ---- | C] ()(C:\Documents and Settings\Compaq_Owner\Desktop\__ ?????? __ The Grace Korean Presbyterian Church.lnk) -- C:\Documents and Settings\Compaq_Owner\Desktop\__ 뉴욕한민교회 __ The Grace Korean Presbyterian Church.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Owner\My Documents\rkill.com:SummaryInformation
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 10 bytes -> C:\WINDOWS\System32\SelfHelpControl.DLL:BDU
@Alternate Data Stream - 10 bytes -> C:\WINDOWS\System32\OGACheckControl.DLL:BDU
@Alternate Data Stream - 10 bytes -> C:\WINDOWS\System32\LegitCheckControl.DLL:BDU
@Alternate Data Stream - 10 bytes -> C:\Documents and Settings\Compaq_Owner\My Documents\MGADiag.exe:BDU

< End of report >
  • 0

#24
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

Everything is looking good; let's try to search for possible remnants.

1. Please go to http://virscan.org/
  • Enter the following file paths into the "Suspicious files to scan" box at the top of the page:

    C:\WINDOWS\v_322_ss2.scr
    C:\WINDOWS\v_294_ss2.scr

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

2. Click Start > Run > copy-paste the bolded text below > press Enter. A text file will pop up, please post the contents of that file.

"C:\Qoobox\Add-Remove Programs.txt" > uninstall.txt& start uninstall.txt

3. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKCU..\Run: [SUPERAntiSpyware] File not found
    
    :Commands
    [EMPTYTEMP] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.

4. ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#25
nycmon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi,
Virscan.org is not responding... I tried for almost an hour...
Should I skip this step and do the OTL fix?
Thank you!

Here are the results for the Start > Run command:

7-Zip 9.15 beta
AC3Filter 1.63b
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player
Advanced SystemCare 4
AMD APP SDK Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Catalyst Install Manager
ATI Control Panel
ATI Display Driver
BackOff 1.02
Bass Audio Decoder (remove only)
BitTorrent
Bonjour
BOSS
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CD Audio Reader Filter (remove only)
Compaq Multimedia Keyboard Software
DCoder Image Source (remove only)
DScaler 5 Mpeg Decoders
eMule
eReg
ffdshow [rev 3124] [2009-11-03]
FFMPEG Core Files (remove only)
File Shredder 2.0
File Splitter and Joiner (FFSJ v3.3)
FileZilla Client 3.4.0
Gabest MPEG Splitter (remove only)
Game Booster
Google Chrome
Haali Media Splitter
High Definition Audio Driver Package - KB888111
HiJackThis
HOD
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB951830)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HpSdpAppCoreApp
IEEE 802.11g Wireless Cardbus/PCI Adapter
InterVideo WinDVD Player
iPhoneBrowser
IrfanView (remove only)
iTunes
Java Auto Updater
Java™ 6 Update 26
KhalInstallWrapper
LightScribe 1.4.42.1
Logitech SetPoint 6.22
Malwarebytes' Anti-Malware version 1.51.1.1800
MDownloader
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Enterprise 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MONOGRAM AMR Splitter/Decoder (remove only)
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.6.13)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia PC Suite
Oblivion
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - The Fighter's Stronghold
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
Oblivion mod manager 1.1.12
OpenOffice.org 3.2
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
Password Folder
PC Connectivity Solution
ProProfs CompTIA A+ Practice Exams
PS2
QuickTime
RealPlayer
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI NIC Driver
RealUpgrade 1.0
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SHOUTcast Source (remove only)
SIW version 2009-07-28
Skins
Skype Toolbars
Skype™ 4.2
Smart Defrag 2
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy 2
SUPERAntiSpyware
Trillian
TypingMaster Pro
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb976884)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
v_239_ss1 ?????????
v_269_ss1 ?????????
v_269_ss2 ?????????
v_273_ss1 ?????????
v_273_ss2 ?????????
v_287_ss1 Screensaver
v_287_ss2 Screensaver
v_294_ss1 Screensaver
v_294_ss2 Screensaver
v_310_ss1 Screensaver
v_310_ss2 Screensaver
v_322_ss1 Screensaver
v_322_ss2 Screensaver
v_360_ss1 Screensaver
v_360_ss2 Screensaver
VideoStream Server v1.0.1
VirtuaGirlHD 1.0.4.70 - 709_90_73 models
VirtuaGirlHD_743-90-97-16 v 1.0.4.75
VLC media player 1.0.1
WebFldrs XP
Windows Driver Package - Nokia Modem (06/09/2010 4.5)
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WPB1003_ŽÑˆ»1 ?????????
WPB1003_ŽÑˆ»2 ?????????
WPB1003_ŽÑˆ»3 ?????????
WPB810_3 ?????????
WPB810_ŽÑˆ»1 ?????????
WPB810_ŽÑˆ»2 ?????????
XML Paper Specification Shared Components Pack 1.0
Yahoo! Widgets

Edited by nycmon, 31 July 2011 - 06:26 PM.

  • 0


#26
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

Virscan.org is not responding...I tried for almost an hour...
should i skip this step and do the OTL fix?

Please try jotti instead and you can proceed with the rest of the instructions: http://virusscan.jotti.org/
  • 0

#27
nycmon

nycmon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi,
Looks like virscan.org is working now, so I did both VirSCAN and Jotti. Here are the results for those 2 files:

Jotti:

http://virusscan.jot...d4faea43ee86078

http://virusscan.jot...cda4e15be9a00c9


1) VirSCAN.org Scanned Report:
Scanned time : 2011/08/01 10:04:23 (EDT)
Scanner results: 5% Scanner(s) (2/37) found malware!
File Name : v_322_ss2.scr
File Size : 1308501 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : bb482d67be4aa8e85d1bca6ec679b470
SHA1 : 5c9de01d2399fdb2bc794e11ccaa6e0383712885
Online report : http://file.virscan....bb2afde623.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.3 20110730040259 2011-07-30 0.59 -
AhnLab V3 2011.08.01.01 2011.08.01 2011-08-01 1.80 -
AntiVir 8.2.6.22 7.11.12.173 2011-08-01 0.30 -
Antiy 2.0.18 20110728.11646458 2011-07-28 0.02 -
Arcavir 2011 201107140423 2011-07-14 0.09 -
Authentium 5.1.1 201108011029 2011-08-01 3.38 -
AVAST! 4.7.4 110730-0 2011-07-30 0.08 -
AVG 8.5.850 271.1.1/3802 2011-08-01 0.34 -
BitDefender 7.90123.8684882 7.38477 2011-08-01 4.40 Gen:Variant.Buzy.1281
ClamAV 0.97.1 13384 2011-08-01 0.20 -
Comodo 4.0 9591 2011-08-01 1.44 -
CP Secure 1.3.0.5 2011.08.01 2011-08-01 0.44 -
Dr.Web 5.0.2.3300 2011.07.23 2011-07-23 13.38 -
F-Prot 4.6.2.117 20110801 2011-08-01 2.47 -
F-Secure 7.02.73807 2011.08.01.03 2011-08-01 11.35 -
Fortinet 4.2.257 13.498 2011-07-30 0.25 -
GData 22.1346 20110716 2011-07-16 0.11 -
ViRobot 20110801 2011.08.01 2011-08-01 0.36 -
Ikarus T3.1.32.20.0 2011.08.01.78975 2011-08-01 5.12 -
JiangMin 13.0.900 2011.07.31 2011-07-31 1.55 -
Kaspersky 5.5.10 2011.08.01 2011-08-01 0.11 -
KingSoft 2009.2.5.15 2011.8.1.20 2011-08-01 0.78 -
McAfee 5400.1158 6424 2011-07-31 9.47 -
Microsoft 1.7104 2011.07.31 2011-07-31 3.64 -
NOD32 3.0.21 6332 2011-07-28 0.07 -
Norman 6.07.10 6.07.00 2011-07-30 14.02 -
Panda 9.05.01 2011.07.30 2011-07-30 2.67 -
Trend Micro 9.200-1012 8.326.02 2011-07-31 0.04 -
Quick Heal 11.00 2011.08.01 2011-08-01 1.27 -
Rising 20.0 23.69.00.03 2011-08-01 2.30 -
Sophos 3.22.0 4.68 2011-08-01 3.71 -
Sunbelt 3.9.2497.2 10029 2011-08-01 1.58 -
Symantec 1.3.0.24 20110731.003 2011-07-31 0.07 -
nProtect 20110801.03 12149046 2011-08-01 2.92 Gen:Variant.Buzy.1281
The Hacker 6.7.0.1 v00267 2011-07-31 0.47 -
VBA32 3.12.16.4 20110801.0616 2011-08-01 4.50 -
VirusBuster 5.3.0.4 14.0.147.1/5763228 2011-07-31 0.00 -


2) VirSCAN.org Scanned Report:
Scanned time : 2011/08/01 10:19:41 (EDT)
Scanner results: 5% Scanner(s) (2/37) found malware!
File Name : v_294_ss2.scr
File Size : 1381093 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : daeb0ea6e84fcf29816221315cbbb129
SHA1 : 382d8557e802c3e06a5791221bd1143c15046206
Online report : http://file.virscan....471fbf6811.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.3 20110730040259 2011-07-30 0.58 -
AhnLab V3 2011.08.01.01 2011.08.01 2011-08-01 1.93 -
AntiVir 8.2.6.22 7.11.12.173 2011-08-01 0.30 -
Antiy 2.0.18 20110728.11646458 2011-07-28 0.02 -
Arcavir 2011 201107140423 2011-07-14 0.09 -
Authentium 5.1.1 201108011029 2011-08-01 3.27 -
AVAST! 4.7.4 110730-0 2011-07-30 0.09 -
AVG 8.5.850 271.1.1/3802 2011-08-01 0.34 -
BitDefender 7.90123.8684882 7.38477 2011-08-01 4.33 Gen:Variant.Buzy.1281
ClamAV 0.97.1 13384 2011-08-01 0.20 -
Comodo 4.0 9591 2011-08-01 1.44 -
CP Secure 1.3.0.5 2011.08.01 2011-08-01 0.45 -
Dr.Web 5.0.2.3300 2011.07.23 2011-07-23 13.33 -
F-Prot 4.6.2.117 20110801 2011-08-01 2.49 -
F-Secure 7.02.73807 2011.08.01.03 2011-08-01 5.83 -
Fortinet 4.2.257 13.498 2011-07-30 0.28 -
GData 22.1346 20110716 2011-07-16 0.11 -
ViRobot 20110801 2011.08.01 2011-08-01 0.35 -
Ikarus T3.1.32.20.0 2011.08.01.78975 2011-08-01 5.12 -
JiangMin 13.0.900 2011.07.31 2011-07-31 1.65 -
Kaspersky 5.5.10 2011.08.01 2011-08-01 0.10 -
KingSoft 2009.2.5.15 2011.8.1.20 2011-08-01 0.95 -
McAfee 5400.1158 6424 2011-07-31 11.01 -
Microsoft 1.7104 2011.07.31 2011-07-31 4.75 -
NOD32 3.0.21 6332 2011-07-28 0.07 -
Norman 6.07.10 6.07.00 2011-07-30 14.02 -
Panda 9.05.01 2011.08.01 2011-08-01 2.82 -
Trend Micro 9.200-1012 8.326.02 2011-07-31 0.05 -
Quick Heal 11.00 2011.08.01 2011-08-01 1.30 -
Rising 20.0 23.69.00.03 2011-08-01 2.38 -
Sophos 3.22.0 4.68 2011-08-01 3.79 -
Sunbelt 3.9.2497.2 10029 2011-08-01 1.62 -
Symantec 1.3.0.24 20110731.003 2011-07-31 0.08 -
nProtect 20110801.03 12149046 2011-08-01 11.09 Gen:Variant.Buzy.1281
The Hacker 6.7.0.1 v00267 2011-07-31 0.48 -
VBA32 3.12.16.4 20110801.0616 2011-08-01 4.86 -
VirusBuster 5.3.0.4 14.0.147.1/5763228 2011-07-31 0.00 -
  • 0
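Added example for the two VirSCAN.org reports above (this is editor-supplied code, not anything posted in the thread or provided by VirSCAN.org). It parses a pasted report into its header fields and per-engine rows, recomputes the detection count from the rows rather than trusting the "(2/37) found malware" headline, and checks whether a local file's MD5/SHA1 actually match the hashes in the report before any verdict is attached to it. SAMPLE_REPORT is a constructed, shortened copy of the first report (header and hashes copied from the post, only seven of the 37 engine rows kept, so the engine count deliberately does not match the claimed total); STANDIN_FILE is constructed bytes, not the real v_322_ss2.scr, so its hashes do not match either.

```python
"""Parse a VirSCAN.org multi-engine report and check it against a local file.

Added example, not code from the thread or from VirSCAN.org. SAMPLE_REPORT is
a constructed, shortened copy of the posted report; STANDIN_FILE is a
constructed stand-in, not the screensaver from the thread.
"""
import hashlib
import re
from dataclasses import dataclass, field

SAMPLE_REPORT = """\
VirSCAN.org Scanned Report :
Scanned time : 2011/08/01 10:04:23 (EDT)
Scanner results: 5% Scanner(s) (2/37) found malware!
File Name : v_322_ss2.scr
File Size : 1308501 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : bb482d67be4aa8e85d1bca6ec679b470
SHA1 : 5c9de01d2399fdb2bc794e11ccaa6e0383712885

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.3 20110730040259 2011-07-30 0.59 -
AhnLab V3 2011.08.01.01 2011.08.01 2011-08-01 1.80 -
BitDefender 7.90123.8684882 7.38477 2011-08-01 4.40 Gen:Variant.Buzy.1281
Kaspersky 5.5.10 2011.08.01 2011-08-01 0.11 -
nProtect 20110801.03 12149046 2011-08-01 2.92 Gen:Variant.Buzy.1281
Trend Micro 9.200-1012 8.326.02 2011-07-31 0.04 -
VirusBuster 5.3.0.4 14.0.147.1/5763228 2011-07-31 0.00 -
"""

# Constructed stand-in for the scanned file (NOT v_322_ss2.scr).
STANDIN_FILE = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not the real .scr"

# One engine row: name (may contain spaces), engine version, signature
# version, signature date, scan seconds, result ("-" means no detection).
# Parsing is anchored on the date and seconds columns so that multi-word
# engine names such as "AhnLab V3" or "Trend Micro" are handled.
ROW_RE = re.compile(
    r"^(?P<engine>.+?)\s+(?P<engine_ver>\S+)\s+(?P<sig_ver>\S+)\s+"
    r"(?P<sig_date>\d{4}-\d{2}-\d{2})\s+(?P<seconds>\d+\.\d+)\s+(?P<result>.+)$"
)
RATIO_RE = re.compile(r"\((\d+)/(\d+)\)")   # the "(2/37)" headline claim


@dataclass
class Report:
    file_name: str = ""
    md5: str = ""
    sha1: str = ""
    claimed_hits: int = 0
    claimed_total: int = 0
    rows: list = field(default_factory=list)
    unparsed: list = field(default_factory=list)


def parse_report(text: str) -> Report:
    """Split a pasted VirSCAN report into header fields and engine rows."""
    rep, in_table = Report(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Scanner Engine"):
            in_table = True           # column header; everything after is rows
            continue
        if not in_table:
            key, _, value = line.partition(":")   # first colon only
            key, value = key.strip().lower(), value.strip()
            if key == "file name":
                rep.file_name = value
            elif key == "md5":
                rep.md5 = value.lower()
            elif key == "sha1":
                rep.sha1 = value.lower()
            elif key == "scanner results":
                m = RATIO_RE.search(value)
                if m:
                    rep.claimed_hits, rep.claimed_total = int(m.group(1)), int(m.group(2))
            continue
        m = ROW_RE.match(line)
        if m:
            rep.rows.append(m.groupdict())
        else:
            rep.unparsed.append(line)  # e.g. a row whose columns were run together
    return rep


def detections(rep: Report) -> list:
    """Engines that returned anything other than '-' (clean)."""
    return [(r["engine"], r["result"]) for r in rep.rows if r["result"].strip() != "-"]


def consistency(rep: Report) -> dict:
    """Does the pasted table back up the headline 'x/y found malware' claim?"""
    hits = detections(rep)
    return {
        "hits": len(hits),
        "engines": len(rep.rows),
        "hits_match_claim": len(hits) == rep.claimed_hits,
        "engine_count_matches_claim": len(rep.rows) == rep.claimed_total,
        "unparsed_rows": len(rep.unparsed),
    }


def file_hashes(data: bytes) -> dict:
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest()}


def matches_report(rep: Report, data: bytes) -> bool:
    """True only if BOTH hashes agree, i.e. the report describes this exact file."""
    h = file_hashes(data)
    return h["md5"] == rep.md5 and h["sha1"] == rep.sha1
```

Usage: parse_report(open_text), then consistency() and matches_report(rep, open(path, "rb").read()). A 2-of-37 result with both hits being the same generic BitDefender-engine name (nProtect licenses that engine) is one signature, not two independent opinions; the hash check matters because a file with the same name on disk can differ from the one that was uploaded.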

#28
nycmon

nycmon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi,
I noticed that the fix complete dialogue did not appear upon reboot. It just went right to the log report after reboot. Thought I should mention that in case it was strange behavior. Here is the OTL fix log:


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.FAMILY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Compaq_Owner
->Temp folder emptied: 77083 bytes
->Temporary Internet Files folder emptied: 5291942 bytes
->Java cache emptied: 19058 bytes
->FireFox cache emptied: 9086905 bytes
->Google Chrome cache emptied: 79550080 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2827 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: JP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 16127536 bytes

Total Files Cleaned = 105.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08012011_105053

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#29
nycmon

nycmon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
And last but not least, the ESET scan results ^^
Thank you!


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=57d4d2bc84aabf4e9b24782deeec0239
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-01 06:34:47
# local_time=2011-08-01 02:34:47 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=215928
# found=46
# cleaned=0
# scan_time=12356
C:\Documents and Settings\Compaq_Owner\My Documents\SUPERsetup.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\SUPERsetup.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\MGtools\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\iPod\bin\iPodService.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\wuauclt.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP10\A0007087.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP10\A0007098.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP10\A0007099.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP10\A0007118.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP10\A0007119.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP10\A0007135.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP10\A0007136.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP11\A0007174.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP11\A0007175.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP11\A0007195.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP11\A0007196.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP11\A0007220.exe a variant of Win32/Keygen.BH application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP13\A0007410.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP13\A0007411.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP13\A0007594.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP5\A0001421.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP5\A0001426.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP5\A0001445.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP5\A0001461.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP5\A0001475.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP5\A0001476.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP5\A0002475.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP5\A0002476.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP6\A0002494.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP6\A0002495.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP8\A0002954.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP8\A0002968.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP8\A0002969.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP9\A0007002.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP9\A0007003.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP9\A0007036.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP9\A0007037.ini a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\netbt.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/Patched.HN trojan 00000000000000000000000000000000 I
  • 0

#30
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

P2P Warning:

BitTorrent
eMule


Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes.

These programmes allow users to share files with each other, as the name suggests. In today's world cyber crime has reached an enormous scale, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


=====================================


ESET reported that some legitimate files are infected. When this is the case I always give the advice to reformat and reinstall the operating system. This is because the computer can no longer be trusted, nor can the integrity of the installed applications. Wiping everything and starting from scratch is the safest way, but it's your call. Please let me know what you decide to do.
  • 0
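Added example for the ESET log in post #29 and the reformat advice in post #30 (editor-supplied code, not anything from the thread or from ESET). It parses the log, sorts each hit by where it lives (a live file, a ComboFix quarantine copy under C:\Qoobox, a System Restore snapshot under System Volume Information, or memory), and derives the "rebuild" verdict from that: restore-point and quarantine copies are inert until restored, but a "Patched" verdict on a live binary such as AppleMobileDeviceService.exe, a hit on a live driver under system32 such as netbt.sys, or a hit in memory means code the OS is running has been modified. SAMPLE_LOG is a constructed subset of the posted log (header counters, paths and detection names copied from it); the rebuild rule in assess() is an assumption encoding the helper's reasoning, not an ESET classification.

```python
"""Triage an ESET Online Scanner log: where each hit lives, and whether any of
them sit on files the running OS depends on.

Added example (not code from the thread or from ESET). SAMPLE_LOG is a
constructed subset of the posted log. The "rebuild" rule in assess() is an
assumption that encodes the helper's advice, not an ESET classification.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""
# version=7
# remove_checked=false
# scanned=215928
# found=46
# cleaned=0
C:\Documents and Settings\Compaq_Owner\My Documents\SUPERsetup.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\wuauclt.exe.vir Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP10\A0007098.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP11\A0007220.exe a variant of Win32/Keygen.BH application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\netbt.sys a variant of Win32/Sirefef.CL trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/Patched.HN trojan 00000000000000000000000000000000 I
"""

# Path (may contain spaces), optional "a variant of", Platform/Family.Variant,
# type word, optional "(status)", 32 hex digits, trailing flag. Requiring a
# "/" in the name is what keeps path tokens from being mistaken for it.
HIT_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of )?(?P<name>\S+/\S+)\s+(?P<dtype>\w+)"
    r"(?:\s+\((?P<status>[^)]*)\))?\s+[0-9a-fA-F]{32}\s+(?P<flag>\S+)$"
)
SYSTEM_DIR = "c:\\windows\\system32\\"   # assumed system root for the XP box


def classify_location(path: str) -> str:
    """Live file, System Restore snapshot, ComboFix quarantine, or memory."""
    if path.startswith("${"):
        return "memory"
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "restore_point"
    if "\\qoobox\\quarantine\\" in low:
        return "quarantine"
    return "live"


def parse_eset_log(text: str):
    """Return (header dict, list of hit dicts, lines that did not parse)."""
    meta, hits, unparsed = {}, [], []
    for line in text.strip().splitlines():
        line = line.rstrip()
        if not line:
            continue
        if line.startswith("#"):                # "# key=value" header lines
            key, _, value = line[1:].strip().partition("=")
            meta[key.strip()] = value.strip()
            continue
        m = HIT_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        name = m.group("name")                  # e.g. Win32/Sirefef.CL
        hits.append({
            "path": m.group("path"),
            "name": name,
            "family": name.split("/", 1)[1].split(".", 1)[0],
            "type": m.group("dtype"),
            "status": m.group("status") or "",
            "location": classify_location(m.group("path")),
        })
    return meta, hits, unparsed


def assess(meta: dict, hits: list) -> dict:
    """Summarise the log and apply the rebuild rule of thumb (assumption)."""
    live = [h for h in hits if h["location"] == "live"]
    patched_live = [h["path"] for h in live if h["family"] == "Patched"]
    system_live = [h["path"] for h in live if h["path"].lower().startswith(SYSTEM_DIR)]
    in_memory = [h["name"] for h in hits if h["location"] == "memory"]
    return {
        "found": int(meta.get("found", 0)),
        "cleaned": int(meta.get("cleaned", 0)),
        "removal_enabled": meta.get("remove_checked", "").lower() == "true",
        "by_location": dict(Counter(h["location"] for h in hits)),
        "families": dict(Counter(h["family"] for h in hits)),
        "patched_live": patched_live,
        "system_live": system_live,
        "in_memory": in_memory,
        # Modified live binaries, a live hit under system32, or a hit in
        # memory: the running OS itself is no longer trustworthy.
        "rebuild_recommended": bool(patched_live or system_live or in_memory),
    }


def triage(text: str) -> dict:
    meta, hits, _unparsed = parse_eset_log(text)
    return assess(meta, hits)
```

Usage: triage(open("eset_log.txt").read()). On the posted log the restore-point hits disappear when System Restore is turned off and on again, and the Qoobox copies are ComboFix's own quarantine, so neither group says anything about the current state of the machine; the live Patched.HN hits and the Sirefef driver under system32 are what drive the reformat advice, and "cleaned=0" with "remove_checked=false" confirms that the scan was run in report-only mode.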





