Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan, Virus.Win32.. Please Remove this.!

Started by rhomel , Oct 23 2011 06:54 PM

  • Please log in to reply

#1
rhomel
Posted 23 October 2011 - 06:54 PM

rhomel

    Member

  • Member
  • PipPip
  • 90 posts
The computer have a Virus.Win32 and Trojan. Please help to remove it.

untitled.JPG

Some virus/trojan can't remove it using this viper.

1.JPG

OTL logfile created on: 10/24/2011 8:51:17 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\jr\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.30 Mb Total Physical Memory | 544.48 Mb Available Physical Memory | 53.21% Memory free
2.36 Gb Paging File | 1.94 Gb Available in Paging File | 82.48% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 62.07 Gb Free Space | 83.29% Space Free | Partition Type: NTFS

Computer Name: PC1 | User Name: jr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/24 08:38:45 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jr\My Documents\Downloads\Programs\OTL.exe
PRC - [2011/10/24 08:12:44 | 001,122,618 | ---- | M] (Faronics Corporation) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
PRC - [2011/10/24 05:54:27 | 003,425,688 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2011/10/14 16:37:12 | 001,479,488 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011/10/14 16:37:12 | 001,210,688 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011/09/28 23:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/06 12:49:20 | 001,357,136 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
PRC - [2011/09/06 12:29:56 | 002,804,280 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2011/09/06 12:29:38 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/01/31 17:52:28 | 000,623,520 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2010/05/25 07:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/10/25 06:20:58 | 000,430,080 | ---- | M] (Faronics Corporation) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
PRC - [2004/08/04 05:00:00 | 001,059,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 19:15:31 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/10/11 14:50:10 | 000,193,904 | ---- | M] () -- C:\Program Files\Sunbelt Software\VIPRE\Definitions\libMachoUniv.dll
MOD - [2011/10/11 14:50:08 | 000,210,288 | ---- | M] () -- C:\Program Files\Sunbelt Software\VIPRE\Definitions\libBase64.dll
MOD - [2011/09/28 23:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/28 14:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/01/19 11:20:14 | 000,308,560 | ---- | M] () -- C:\Program Files\Sunbelt Software\VIPRE\vipre.dll
MOD - [2008/07/31 23:48:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/10/25 06:28:04 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\LogonDll.dll
MOD - [2005/12/22 17:28:40 | 000,160,768 | ---- | M] () -- C:\Program Files\Sunbelt Software\VIPRE\unrar.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/14 16:37:12 | 001,479,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/09/06 12:29:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/09/06 12:29:38 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/10/25 06:20:58 | 000,430,080 | ---- | M] (Faronics Corporation) [Auto | Running] -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe -- (DF5Serv)
SRV - [2004/08/04 05:00:00 | 000,144,896 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2004/08/04 05:00:00 | 000,111,104 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2004/08/04 05:00:00 | 000,111,104 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2004/08/04 05:00:00 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/10/13 17:33:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/29 17:36:34 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/08/29 17:36:34 | 000,074,456 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/08/29 17:36:34 | 000,021,592 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011/07/06 08:14:42 | 000,101,616 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2011/04/05 17:35:20 | 000,332,248 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/04/05 17:35:20 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2009/08/05 17:38:22 | 005,874,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/28 09:55:00 | 000,143,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/24 12:22:40 | 000,014,208 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/08/18 03:54:24 | 000,145,952 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/10/25 06:32:40 | 000,131,472 | ---- | M] (Faronics Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\DeepFrz.sys -- (DeepFrz)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/08/04 05:00:00 | 000,066,176 | ---- | M] () [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\jr\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\jr\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/23 10:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\jr\Application Data\IDM\idmmzcc5 [2011/10/13 01:20:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\jr\Application Data\IDM\idmmzcc5 [2011/10/13 01:20:58 | 000,000,000 | ---D | M]

[2011/10/23 10:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jr\Application Data\Mozilla\Extensions
[2011/10/23 10:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/13 01:20:58 | 000,000,000 | ---D | M] (IDM CC) -- C:\DOCUMENTS AND SETTINGS\JR\APPLICATION DATA\IDM\IDMMZCC5
[2011/10/14 14:19:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/28 23:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 17:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [7z4u1v4b42] C:\Documents and Settings\All Users\7z4u1v4b42.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files\Sunbelt Software\VIPRE\SBRC.exe" File not found
O4 - HKLM..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 121.1.3.82 121.1.3.20 121.1.3.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE1AC977-323B-42D5-9AC0-E67753802193}: DhcpNameServer = 121.1.3.82 121.1.3.20 121.1.3.250
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (RVHOST.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DfLogon: DllName - (LogonDll.dll) - C:\WINDOWS\System32\LogonDll.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/18 19:29:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/24 05:50:52 | 000,074,456 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2011/10/24 05:50:52 | 000,021,592 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2011/10/24 05:45:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/10/24 05:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2011/10/24 05:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\Sunbelt
[2011/10/24 05:35:12 | 000,212,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2011/10/24 05:35:12 | 000,094,040 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\sbhips.sys
[2011/10/24 05:35:05 | 000,332,248 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFw.sys
[2011/10/24 05:35:05 | 000,069,208 | ---- | C] (Sunbelt Software, Inc.) -- C:\WINDOWS\System32\drivers\SbFwIm.sys
[2011/10/24 05:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sunbelt Software
[2011/10/24 05:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2011/10/24 05:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Local Settings\Application Data\Solid State Networks
[2011/10/24 04:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\Zbshareware Lab
[2011/10/24 04:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2011/10/24 04:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USB Disk Security
[2011/10/24 04:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\USB Disk Security
[2011/10/24 04:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\ImgBurn
[2011/10/24 03:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/10/24 03:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/10/23 20:37:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jr\Recent
[2011/10/23 10:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/23 10:35:27 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/23 10:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/23 10:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Local Settings\Application Data\Mozilla
[2011/10/23 10:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\Mozilla
[2011/10/23 10:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/10/18 20:34:36 | 000,000,000 | -HSD | C] -- C:\found.001
[2011/10/16 06:06:58 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/10/16 06:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\IObit
[2011/10/16 05:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\vlc
[2011/10/16 05:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/10/16 05:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/10/16 05:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/10/16 05:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/10/16 03:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\Malwarebytes
[2011/10/16 03:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/16 01:33:17 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2011/10/16 01:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2012
[2011/10/16 01:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\TuneUp Software
[2011/10/16 01:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2011/10/16 01:32:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/10/16 01:32:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/10/14 14:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Start Menu\Programs\Canopy
[2011/10/14 14:22:36 | 000,000,000 | ---D | C] -- C:\Canopy
[2011/10/14 14:22:27 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2011/10/14 14:22:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jr\InstallAnywhere
[2011/10/14 14:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/10/14 14:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/14 14:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/10/14 14:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\Sun
[2011/10/14 13:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\FileZilla
[2011/10/14 13:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
[2011/10/14 13:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011/10/14 11:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Local Settings\Application Data\Thinstall
[2011/10/14 11:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\Thinstall
[2011/10/13 02:06:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\assembly
[2011/10/13 02:06:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/10/13 02:06:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/10/13 02:06:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/10/13 01:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Start Menu\Programs\Garena
[2011/10/13 01:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\Garena Classic
[2011/10/13 01:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\IDM
[2011/10/13 01:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\DMCache
[2011/10/13 01:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Start Menu\Programs\Internet Download Manager
[2011/10/13 01:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Internet Download Manager
[2011/10/13 01:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2011/10/13 01:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Start Menu\Programs\WinRAR
[2011/10/13 01:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\WinRAR
[2011/10/13 01:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/10/13 01:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/10/13 01:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/10/13 01:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Local Settings\Application Data\uTorrent
[2011/10/13 01:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\uTorrent
[2011/10/13 00:53:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

========== Files - Modified Within 30 Days ==========

[2011/10/24 09:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/10/24 08:49:39 | 000,014,378 | ---- | M] () -- C:\Documents and Settings\jr\Desktop\1.JPG
[2011/10/24 08:19:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1343024091-839522115-1003UA.job
[2011/10/24 08:12:30 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/10/24 08:12:28 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/10/24 08:08:36 | 000,294,912 | ---- | M] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2011/10/24 08:07:18 | 000,347,648 | ---- | M] () -- C:\WINDOWS\System32\tourstart.exe
[2011/10/24 08:04:39 | 001,343,488 | ---- | M] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/10/24 08:04:26 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/10/24 08:03:20 | 000,430,080 | ---- | M] () -- C:\WINDOWS\System32\keystone.exe
[2011/10/24 07:57:11 | 000,281,600 | ---- | M] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2011/10/24 07:56:08 | 000,005,120 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2011/10/24 07:55:03 | 000,067,584 | ---- | M] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/10/24 07:54:47 | 000,212,992 | ---- | M] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/10/24 07:50:28 | 000,126,976 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2011/10/24 07:50:09 | 002,811,392 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2011/10/24 07:40:48 | 000,067,526 | ---- | M] () -- C:\Documents and Settings\jr\Desktop\untitled.JPG
[2011/10/24 06:07:46 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2011/10/24 04:17:11 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\USB Disk Security.lnk
[2011/10/24 03:57:15 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\jr\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/10/24 03:57:14 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/10/24 03:51:21 | 000,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/23 10:35:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 10:04:47 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\jr\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/23 10:04:47 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/23 09:31:59 | 000,002,457 | RHS- | M] () -- C:\WINDOWS\System32\setting.ini
[2011/10/23 01:19:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1343024091-839522115-1003Core.job
[2011/10/21 00:52:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/17 00:54:58 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\jr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/16 03:20:57 | 000,051,186 | ---- | M] () -- C:\Documents and Settings\jr\Application Data\room_v3.dat
[2011/10/16 01:33:16 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2011/10/16 01:33:16 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2012.lnk
[2011/10/14 18:42:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jr\c
[2011/10/14 16:37:12 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2011/10/14 01:41:03 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\jr\dotahotkeys.ini
[2011/10/14 00:45:55 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\jr\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/13 02:33:49 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\jr\Desktop\wvs.lnk
[2011/10/13 02:10:43 | 000,442,500 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/13 02:10:43 | 000,069,534 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/13 01:14:53 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\jr\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/10/13 01:08:59 | 000,000,211 | -HS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2011/10/24 08:49:39 | 000,014,378 | ---- | C] () -- C:\Documents and Settings\jr\Desktop\1.JPG
[2011/10/24 07:40:46 | 000,067,526 | ---- | C] () -- C:\Documents and Settings\jr\Desktop\untitled.JPG
[2011/10/24 06:04:05 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/10/24 05:40:33 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/10/24 04:17:11 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\USB Disk Security.lnk
[2011/10/24 03:57:15 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\jr\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/10/24 03:57:14 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/10/24 03:51:21 | 000,090,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/23 10:35:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 10:04:47 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\jr\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/23 10:04:47 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/23 10:04:47 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/23 09:31:58 | 000,002,457 | RHS- | C] () -- C:\WINDOWS\System32\setting.ini
[2011/10/17 00:54:58 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\jr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/16 06:02:31 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/10/16 01:33:16 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011/10/16 01:33:16 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2011/10/16 01:33:16 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2012.lnk
[2011/10/14 18:42:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jr\c
[2011/10/14 00:58:38 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\jr\dotahotkeys.ini
[2011/10/14 00:45:55 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\jr\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/13 02:33:49 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\jr\Desktop\wvs.lnk
[2011/10/13 01:29:14 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\jr\Application Data\room_v3.dat
[2011/10/13 01:14:53 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\jr\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/08/27 12:19:27 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/06/18 19:58:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\LogonDll.dll
[2011/06/18 19:49:34 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/06/18 19:32:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstet.dat
[2011/06/18 19:26:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/18 19:25:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\spider.exe
[2011/06/18 19:25:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sessmgr.exe
[2011/06/18 19:25:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mstscax.dll
[2011/06/18 19:25:33 | 000,229,888 | ---- | C] () -- C:\WINDOWS\System32\catsrv.dll
[2011/06/18 12:20:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/18 09:15:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mfc100rus.dll
[2008/07/31 23:48:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/07/31 23:48:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/07/31 23:48:00 | 001,343,488 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/07/31 23:48:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/07/31 23:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/07/31 23:48:00 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/07/31 23:48:00 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/07/31 23:48:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,759,296 | ---- | C] () -- C:\WINDOWS\System32\wmsdmod.dll
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,442,500 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,347,648 | ---- | C] () -- C:\WINDOWS\System32\tourstart.exe
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\mpg4dmod.dll
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,201,728 | ---- | C] () -- C:\WINDOWS\System32\mspmsp.dll
[2004/08/04 05:00:00 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\netdde.exe
[2004/08/04 05:00:00 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\progman.exe
[2004/08/04 05:00:00 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\rsnotify.exe
[2004/08/04 05:00:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\odbccp32.dll
[2004/08/04 05:00:00 | 000,105,472 | ---- | C] () -- C:\WINDOWS\System32\polstore.dll
[2004/08/04 05:00:00 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\occache.dll
[2004/08/04 05:00:00 | 000,088,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\nwlnkipx.sys
[2004/08/04 05:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\p2pgasvc.dll
[2004/08/04 05:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 05:00:00 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\nslookup.exe
[2004/08/04 05:00:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\scarddlg.dll
[2004/08/04 05:00:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.exe
[2004/08/04 05:00:00 | 000,069,534 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,066,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\udfs.sys
[2004/08/04 05:00:00 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\npptools.dll
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\tcpmonui.dll
[2004/08/04 05:00:00 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\rshx32.dll
[2004/08/04 05:00:00 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\perfctrs.dll
[2004/08/04 05:00:00 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\pngfilt.dll
[2004/08/04 05:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\netstat.exe
[2004/08/04 05:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\odbcad32.exe
[2004/08/04 05:00:00 | 000,030,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\rndismp.sys
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 05:00:00 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\perfdisk.dll
[2004/08/04 05:00:00 | 000,026,224 | ---- | C] () -- C:\WINDOWS\System32\odbc16gt.dll
[2004/08/04 05:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\odbcbcp.dll
[2004/08/04 05:00:00 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\pidgen.dll
[2004/08/04 05:00:00 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\rsmps.dll
[2004/08/04 05:00:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\ping.exe
[2004/08/04 05:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\odbc32gt.dll
[2004/08/04 05:00:00 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\perfmon.exe
[2004/08/04 05:00:00 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\tcpmib.dll
[2004/08/04 05:00:00 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\rsh.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\runonce.exe
[2004/08/04 05:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\savedump.exe
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 05:00:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\msexch40.dll

========== LOP Check ==========

[2011/10/16 01:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/10/24 04:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2011/10/16 01:32:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/10/24 08:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jr\Application Data\DMCache
[2011/10/21 00:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jr\Application Data\FileZilla
[2011/10/24 08:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jr\Application Data\IDM
[2011/10/24 04:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jr\Application Data\ImgBurn
[2011/10/16 06:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jr\Application Data\IObit
[2011/07/03 08:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jr\Application Data\PointBlank
[2011/10/14 11:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jr\Application Data\Thinstall
[2011/10/16 01:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jr\Application Data\TuneUp Software
[2011/10/24 05:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jr\Application Data\uTorrent
[2011/10/24 04:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jr\Application Data\Zbshareware Lab
[2011/10/24 08:12:28 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2011/10/24 09:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 10/24/2011 8:51:17 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\jr\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.30 Mb Total Physical Memory | 544.48 Mb Available Physical Memory | 53.21% Memory free
2.36 Gb Paging File | 1.94 Gb Available in Paging File | 82.48% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 62.07 Gb Free Space | 83.29% Space Free | Partition Type: NTFS

Computer Name: PC1 | User Name: jr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- ()
"C:\Program Files\e-Games\Pointblank\PointBlank.exe" = C:\Program Files\e-Games\Pointblank\PointBlank.exe:*:Enabled:Point Blank
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"C:\Program Files\Garena Classic\Garena.exe" = C:\Program Files\Garena Classic\Garena.exe:*:Enabled:Garena
"C:\Canopy\NetworkUpdater\_jvm\bin\java.exe" = C:\Canopy\NetworkUpdater\_jvm\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"E:\New Folder.exe" = E:\New Folder.exe:*:Enabled:ipsec
"C:\WINDOWS\system32\RVHOST.exe" = C:\WINDOWS\system32\RVHOST.exe:*:Enabled:ipsec
"C:\WINDOWS\Explorer.exe" = C:\WINDOWS\Explorer.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\jr\LOCALS~1\Temp\qijo.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\qijo.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\roqm.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\roqm.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\qjwn.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\qjwn.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\winblhj.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\winblhj.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\winhrecs.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\winhrecs.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\winkydt.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\winkydt.exe:*:Enabled:ipsec
"C:\WINDOWS\system32\nwiz.exe" = C:\WINDOWS\system32\nwiz.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\qvay.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\qvay.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\fqiqrj.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\fqiqrj.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\wpteep.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\wpteep.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\hvatu.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\hvatu.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\ojih.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\ojih.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\winrqryqj.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\winrqryqj.exe:*:Enabled:ipsec
"C:\Program Files\Internet Download Manager\IEMonitor.exe" = C:\Program Files\Internet Download Manager\IEMonitor.exe:*:Enabled:ipsec -- (Tonec Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A014690-36EF-45FC-B97F-F8081E9706B4}" = Pointblank
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9F4940B4-F074-487C-AE47-4A03C80AB8A1}" = VIPRE Antivirus Premium
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Antivirus Premium
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"FileZilla Client" = FileZilla Client 3.5.1
"Garena Classic 2011" = Garena Classic 2011
"ImgBurn" = ImgBurn
"Internet Download Manager" = Internet Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Network Updater" = Network Updater
"NVIDIA Drivers" = NVIDIA Drivers
"Pointblank" = Pointblank
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"USB Disk Security_is1" = USB Disk Security
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WIC" = Windows Imaging Component
"WinRAR archiver" = WinRAR 4.10 beta 1 (32-bit)
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/22/2011 5:40:29 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 2350.
An internal error has occurred. ( ) Contact your Information
Technology department for assistance.

Error - 10/22/2011 5:40:29 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 2350.
An internal error has occurred. ( ) Contact your Information
Technology department for assistance.

Error - 10/22/2011 5:40:29 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 2350.
An internal error has occurred. ( ) Contact your Information
Technology department for assistance.

Error - 10/22/2011 5:40:30 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 2350.
An internal error has occurred. ( ) Contact your Information
Technology department for assistance.

Error - 10/22/2011 5:40:30 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 2350.
An internal error has occurred. ( ) Contact your Information
Technology department for assistance.

Error - 10/22/2011 5:40:31 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 2350.
An internal error has occurred. ( ) Contact your Information
Technology department for assistance.

Error - 10/22/2011 5:40:31 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 2350.
An internal error has occurred. ( ) Contact your Information
Technology department for assistance.

Error - 10/22/2011 5:40:31 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 2350.
An internal error has occurred. ( ) Contact your Information
Technology department for assistance.

Error - 10/22/2011 5:40:32 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 2350.
An internal error has occurred. ( ) Contact your Information
Technology department for assistance.

Error - 10/22/2011 5:40:39 AM | Computer Name = PC1 | Source = Microsoft Office 11 | ID = 5000
Description =

[ System Events ]
Error - 10/24/2011 11:14:27 AM | Computer Name = PC1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/24/2011 11:14:57 AM | Computer Name = PC1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/24/2011 11:15:27 AM | Computer Name = PC1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/24/2011 11:23:38 AM | Computer Name = PC1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/24/2011 11:24:08 AM | Computer Name = PC1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/24/2011 11:25:45 AM | Computer Name = PC1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/24/2011 11:26:15 AM | Computer Name = PC1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/24/2011 11:26:45 AM | Computer Name = PC1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/24/2011 11:27:15 AM | Computer Name = PC1 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/24/2011 12:00:00 PM | Computer Name = PC1 | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402


< End of report >
  • 0

Advertisements

#2
RKinner
Posted 25 October 2011 - 07:20 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c 


:processes
killallprocesses

:OTL
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [7z4u1v4b42] C:\Documents and Settings\All Users\7z4u1v4b42.exe File not found
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKCU..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 121.1.3.82 121.1.3.20 121.1.3.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE1AC977-323B-42D5-9AC0-E67753802193}: DhcpNameServer = 121.1.3.82 121.1.3.20 121.1.3.250
O20 - HKLM Winlogon: Shell - (RVHOST.exe) - File not found
O20 - Winlogon\Notify\DfLogon: DllName - (LogonDll.dll) - C:\WINDOWS\System32\LogonDll.dll ()
[2011/10/24 05:45:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/10/24 09:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At1.job


:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
dir C:\WINDOWS\System32\setting.ini /c
C:\WINDOWS\System32\setting.ini
C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
C:\WINDOWS\Tasks\At*.job
C:\DOCUME~1\jr\LOCALS~1\Temp\*.exe
C:\WINDOWS\system32\RVHOST.exe

:Commands
[RESETHOSTS]
[EMPTYJAVA]
[purity]
[Reboot]
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP or Continue.
(Try pointing it to C:\Windows or C:i386\ (if it exists) sometimes that will help)

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

If you are still getting your error message then try the Fixit on this page:
http://support.microsoft.com/kb/319114


Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.


Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP