codec failure lie [Solved]


This topic is locked

#46 M2mouse (Member, Topic Starter, 144 posts)

There is nothing. Once I saw the pop-up from Malwarebytes telling me that there were Trojans I got mad. I had two pop-ups and then I thought it was something that was left over. Then I went to the quarantine and found two more; they were deleted.
That is why I said that I screwed up.
Oh, and I have not changed any passwords yet, because of the "new" Trojans.

Edited by M2mouse, 22 November 2011 - 11:19 AM.



#47 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)

Okay, I'm still a little confused: are there any items listed under the Quarantine tab?

Run this scan:


Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList".
  • Push the Run Scan button.
  • Two reports will open; copy and paste them into a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


#48 M2mouse (Member, Topic Starter, 144 posts)

OTL logfile created on: 11/23/2011 AM 09:58:31 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mitch\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.14 Gb Available Physical Memory | 78.53% Memory free
5.74 Gb Paging File | 4.86 Gb Available in Paging File | 84.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 430.75 Gb Free Space | 92.48% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 456.87 Gb Free Space | 98.09% Space Free | Partition Type: NTFS

Computer Name: MITCH | User Name: Mitch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/23 09:55:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mitch\Desktop\OTL.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/02/18 06:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2004/06/14 22:54:00 | 000,212,992 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/17 12:01:44 | 000,099,176 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/01 03:45:02 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/02/03 21:05:00 | 000,663,552 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SysWOW64\ati2saag.exe -- (ATI Smart)
SRV - [2008/07/25 10:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/18 06:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/08/07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2007/02/18 06:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2007/02/07 12:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3383764226-1312016127-1492471184-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3383764226-1312016127-1492471184-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3383764226-1312016127-1492471184-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 62 C4 08 09 A6 CC 01 [binary data]
IE - HKU\S-1-5-21-3383764226-1312016127-1492471184-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/11/22 10:54:47 | 000,000,000 | ---D | M]


Hosts file not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKU\S-1-5-21-3383764226-1312016127-1492471184-1009\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3383764226-1312016127-1492471184-1009..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3383764226-1312016127-1492471184-1009..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3383764226-1312016127-1492471184-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - %SystemRoot%\system32\mswsock.dll File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://support.att.n...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1227376629640 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} Reg Error: Value error. (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1189CE54-EA73-4ED2-A5AB-6B5A06331B6E}: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CF4A47C-0547-478B-8AD5-E1BE5A38C5BC}: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D97A4C06-2153-42D8-84C7-333CA178C503}: DhcpNameServer = 68.94.156.1 68.94.157.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit) -C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\termsrv: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: E:\Media\My Documets\vulcansr21024.bmp
O24 - Desktop BackupWallPaper: E:\Media\My Documets\vulcansr21024.bmp
O28:64bit: - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/20 20:24:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/23 09:55:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mitch\Desktop\OTL.exe
[2011/11/16 17:38:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mitch\IECompatCache
[2011/11/16 11:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/16 11:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\Malwarebytes
[2011/11/16 11:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/16 11:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/16 11:09:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/16 11:06:04 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mitch\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/16 10:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/11/15 12:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\AVG
[2011/11/15 12:33:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/15 12:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/11/15 12:32:27 | 008,143,904 | ---- | C] (AVG ) -- C:\Documents and Settings\Mitch\Desktop\avg_pct_stf_all_2012_26_c4.exe
[2011/11/15 10:44:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mitch\Start Menu\Programs\Administrative Tools
[2011/11/14 20:15:48 | 003,903,608 | ---- | C] (AVG Technologies) -- E:\Media\My Documets\avg_avct_stb_all_2012_1869_free.exe
[2011/11/14 16:04:58 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/11/14 15:51:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/14 15:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\AVG2012
[2011/11/14 15:50:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\drivers\AVG
[2011/11/14 15:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/11/14 15:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/11/14 15:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/11/14 15:43:00 | 003,903,608 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Mitch\Desktop\avg_avct_stb_all_2012_1869_free.exe
[2011/11/13 14:18:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2011/11/11 15:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\Windows Search
[2011/11/10 22:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Local Settings\Application Data\AskToolbar
[2011/11/10 22:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2011/11/10 22:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\Sammsoft
[2011/11/10 13:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\ElevatedDiagnostics
[2011/11/10 13:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\windowspowershell
[2011/11/10 13:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/11/10 10:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\OpenOffice.org
[2011/11/02 13:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
[2011/11/02 13:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2011/11/02 13:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2011/11/01 14:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/01 14:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/28 21:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Application Data\Nikon
[2011/10/24 18:28:16 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Mitch\Desktop\spybotsd162.exe
[9 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/23 09:55:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mitch\Desktop\OTL.exe
[2011/11/23 09:17:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/22 10:54:48 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/11/17 13:45:26 | 084,132,744 | ---- | M] () -- C:\Documents and Settings\Mitch\Desktop\jdk-7u1-windows-x64.exe
[2011/11/16 12:51:35 | 000,879,569 | ---- | M] () -- C:\Documents and Settings\Mitch\Desktop\SecurityCheck.exe
[2011/11/16 11:09:55 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/16 11:06:04 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mitch\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/15 12:33:20 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\Mitch\Desktop\AVG PC Tuneup 2011.lnk
[2011/11/15 12:32:32 | 008,143,904 | ---- | M] (AVG ) -- C:\Documents and Settings\Mitch\Desktop\avg_pct_stf_all_2012_26_c4.exe
[2011/11/14 15:50:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\AVG\incavi.avm
[2011/11/14 15:50:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\drivers\AVG\iavichjw.avm
[2011/11/14 15:43:12 | 003,903,608 | ---- | M] (AVG Technologies) -- E:\Media\My Documets\avg_avct_stb_all_2012_1869_free.exe
[2011/11/14 15:43:12 | 003,903,608 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Mitch\Desktop\avg_avct_stb_all_2012_1869_free.exe
[2011/11/11 00:02:29 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/11 00:01:33 | 000,000,984 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/10 22:59:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt
[2011/11/07 17:51:28 | 005,068,225 | ---- | M] () -- C:\Documents and Settings\Mitch\Desktop\EP9_2-8geol.pdf
[2011/11/07 17:43:53 | 002,863,130 | ---- | M] () -- C:\Documents and Settings\Mitch\Desktop\mcbee.pdf
[2011/10/24 18:30:05 | 000,001,026 | ---- | M] () -- C:\Documents and Settings\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/24 18:30:05 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Mitch\Desktop\Spybot - Search & Destroy.lnk
[2011/10/24 18:28:24 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Mitch\Desktop\spybotsd162.exe
[9 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/17 10:58:20 | 084,132,744 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\jdk-7u1-windows-x64.exe
[2011/11/16 12:51:35 | 000,879,569 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\SecurityCheck.exe
[2011/11/16 11:09:55 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/15 12:33:20 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\AVG PC Tuneup 2011.lnk
[2011/11/14 15:50:29 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/11/14 15:50:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AVG\incavi.avm
[2011/11/14 15:50:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AVG\iavichjw.avm
[2011/11/07 17:51:28 | 005,068,225 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\EP9_2-8geol.pdf
[2011/11/07 17:43:53 | 002,863,130 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\mcbee.pdf
[2011/11/06 13:40:31 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/06 13:40:31 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/10/24 18:30:05 | 000,001,026 | ---- | C] () -- C:\Documents and Settings\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/24 18:30:05 | 000,001,008 | ---- | C] () -- C:\Documents and Settings\Mitch\Desktop\Spybot - Search & Destroy.lnk
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\WINDOWS\SysWow64\OVDecode.dll
[2010/09/20 21:25:32 | 000,000,388 | ---- | C] () -- C:\Documents and Settings\Mitch\Application Data\SamsungLiveUpdateConfig.ini
[2010/09/20 20:07:18 | 011,878,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2009/04/01 20:47:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/02/28 14:14:51 | 000,663,552 | ---- | C] () -- C:\WINDOWS\SysWow64\ati2saag.exe
[2009/02/28 14:09:51 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/01/23 21:32:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeW7.dll
[2009/01/23 21:32:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeA6.dll
[2009/01/23 21:32:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeP6.dll
[2009/01/23 21:32:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeM6.dll
[2009/01/23 21:32:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizePX.dll
[2009/01/23 21:32:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresize.dll
[2009/01/23 21:32:07 | 000,831,600 | ---- | C] () -- C:\WINDOWS\SysWow64\Ctaa1.dat
[2009/01/23 21:32:07 | 000,122,880 | ---- | C] () -- C:\WINDOWS\SysWow64\cddvdint.dll
[2009/01/19 23:18:21 | 000,000,331 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/11/23 22:23:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/11/23 22:12:11 | 000,571,736 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2008/11/20 21:54:13 | 000,037,376 | R--- | C] () -- C:\WINDOWS\CPLUTL64.EXE
[2008/11/20 20:27:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/20 13:55:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/02/18 06:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2007/02/18 06:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2007/02/18 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2007/02/18 06:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2007/02/18 06:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2007/02/18 06:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2007/02/18 06:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2007/02/18 06:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2007/02/18 06:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2007/02/18 06:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2007/02/18 06:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2007/02/18 06:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2007/02/18 06:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2007/02/18 06:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2007/02/18 06:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2007/02/18 06:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2007/02/18 06:00:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\SysWow64\dvdplay.exe
[2007/02/18 06:00:00 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
[2007/02/18 06:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2007/02/18 06:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2007/02/18 06:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\SysWow64\append.exe
[2007/02/18 06:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2007/02/18 06:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\vwipxspx.exe

< End of report >
  • 0

#49
M2mouse

    Member

  • Topic Starter
  • Member
  • 144 posts
OTL Extras logfile created on: 11/23/2011 AM 09:58:31 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mitch\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.14 Gb Available Physical Memory | 78.53% Memory free
5.74 Gb Paging File | 4.86 Gb Available in Paging File | 84.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 430.75 Gb Free Space | 92.48% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 456.87 Gb Free Space | 98.09% Space Free | Partition Type: NTFS

Computer Name: MITCH | User Name: Mitch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.url [@ = InternetShortcut] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
"C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x64\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x64\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe" = C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe" = C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe" = C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG2012\avgemca.exe" = C:\Program Files (x86)\AVG\AVG2012\avgemca.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x64\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x64\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe" = C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe" = C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe" = C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG2012\avgemca.exe" = C:\Program Files (x86)\AVG\AVG2012\avgemca.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{76202DBC-6FDA-47EA-B32F-F88512C03B18}" = AVG 2012
"{9FC24CE0-2B41-C751-C642-ADF33D7F2C3A}" = AMD Catalyst Install Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B77BAB16-2F2F-1B45-7EBF-F9FDAF452988}" = ccc-utility64
"{BEC69493-1732-4F85-B559-CC99CB30665C}" = AVG 2012
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F7855754-13F5-426B-B090-5875FAFF1B20}" = Windows Presentation Foundation x64
"AVG" = AVG 2012
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02D968F7-702A-4362-B6F2-1769EE611427}" = LightScribe Diagnostic Utility
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{0A5599B2-13F6-1A99-8A05-B3615EDAB1BB}" = CCC Help Spanish
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{462E0770-5064-036B-DB9D-ECE2C6603CAC}" = Catalyst Control Center Localization All
"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{52A82C57-87A1-2C08-C9DB-0E276DD6B07E}" = Catalyst Control Center Graphics Previews Common
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}" = AMD OverDrive
"{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB}" = InterVideo WinDVD 6
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{82D79CD2-4254-1E9C-EB2F-B39401F89C3A}" = CCC Help German
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0F0E78E-5B2C-9E4F-25E7-E228FF5EDA9B}" = CCC Help Italian
"{A148EA37-B1EF-79FD-D56E-81224C24BE5A}" = CCC Help French
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2413158-A820-18E0-2E62-E4501BA00FDB}" = CCC Help Portuguese
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D305359E-7ABA-E1C3-82B0-2AAB25EE3A17}" = Catalyst Control Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EE6B700F-D08A-C8FB-6DFF-98809FC654A1}" = Catalyst Control Center InstallProxy
"{EE9B03EE-B5ED-FB58-7DB7-79F0EF1F4919}" = CCC Help English
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MSNINST" = MSN
"SpeedFan" = SpeedFan (remove only)
"WhiteCap" = WhiteCap

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/22/2011 PM 10:23:11 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

Error - 11/23/2011 AM 01:12:41 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

Error - 11/23/2011 AM 11:20:48 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

Error - 11/23/2011 AM 11:20:49 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

Error - 11/23/2011 AM 11:43:34 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

Error - 11/23/2011 AM 11:45:44 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

Error - 11/23/2011 AM 11:52:31 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

Error - 11/23/2011 AM 11:54:49 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

Error - 11/23/2011 AM 11:55:11 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

Error - 11/23/2011 AM 11:57:21 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

[ System Events ]
Error - 11/20/2011 AM 07:04:32 | Computer Name = MITCH | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/20/2011 AM 07:33:53 | Computer Name = MITCH | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/20/2011 AM 08:05:03 | Computer Name = MITCH | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/20/2011 AM 08:07:47 | Computer Name = MITCH | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/20/2011 PM 02:49:28 | Computer Name = MITCH | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 11/20/2011 PM 02:49:28 | Computer Name = MITCH | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 11/21/2011 PM 12:59:04 | Computer Name = MITCH | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 000129A696FB has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/22/2011 PM 12:48:09 | Computer Name = MITCH | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 000129A696FB has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/22/2011 PM 07:53:28 | Computer Name = MITCH | Source = sr | ID = 1
Description =

Error - 11/23/2011 AM 11:20:05 | Computer Name = MITCH | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 000129A696FB has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
  • 0

#50
M2mouse

    Member

  • Topic Starter
  • Member
  • 144 posts
Quarantine is empty.
  • 0

#51
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
HI!

Thanks for the information regarding the Quarantine folder.

Let's see what this utility below finds.

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
  • 0
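The TDSSKiller log requested above runs to hundreds of "- ok" lines with the interesting entries buried among them. The script below is an added example (not part of this thread and not Kaspersky's code) that folds the per-driver lines of such a log into one record each, so the entries that are flagged (warning or detected) or that never received a verdict at all (as happens when a log is cut off) can be listed on their own. The regular expressions match the line formats visible in this thread; the sample log is constructed from a few of those lines, with the Atmarpc entry deliberately left without its "- ok" line to show the truncated case.

```python
"""Triage helper for TDSSKiller text logs.

Added example for this thread; not part of the original post and not
Kaspersky's code. TDSSKiller writes one "<time> <pid> <entry>" line per step,
and for each driver or service a file line (name, MD5, path) followed by a
verdict line ("- ok", "( Verdict ) - warning" or "- detected Verdict (n)").
The parser folds those lines into one record per entry so the few non-"ok"
items stand out from the hundreds of clean ones.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "10:19:05.0953 1748 <body>"  (timestamp, thread id, entry text; body may be empty)
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s*(.*)$")
# "ACPI (0cc42d1fb637112de6f6196ddaf83dec) C:\WINDOWS\system32\DRIVERS\ACPI.sys"
FILE_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
# "AtiHdmiService ( UnsignedFile.Multi.Generic ) - warning"
WARN_RE = re.compile(r"^(\S+) \( (\S+) \) - warning$")
# "AtiHdmiService - detected UnsignedFile.Multi.Generic (1)"
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
# "ACPI - ok"
OK_RE = re.compile(r"^(\S+) - ok$")


@dataclass
class Entry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    status: str = "unknown"  # ok | warning | detected | unknown (no verdict seen)
    verdicts: List[str] = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Return one Entry per driver/service name, keyed by name."""
    entries: Dict[str, Entry] = {}

    def entry(name: str) -> Entry:
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a TDSSKiller log line at all
        body = m.group(3).strip()
        f, w = FILE_RE.match(body), WARN_RE.match(body)
        d, o = DETECT_RE.match(body), OK_RE.match(body)
        if f:
            e = entry(f.group(1))
            e.md5, e.path = f.group(2).lower(), f.group(3)
        elif w:
            e = entry(w.group(1))
            e.status = "warning"
            if w.group(2) not in e.verdicts:
                e.verdicts.append(w.group(2))
        elif d:
            e = entry(d.group(1))
            e.status = "detected"  # a "detected" line outranks the earlier "warning"
            if d.group(2) not in e.verdicts:
                e.verdicts.append(d.group(2))
        elif o:
            entry(o.group(1)).status = "ok"
        # banner, separator and "Mode:" lines carry no verdict and are skipped
    return entries


def needs_attention(entries: Dict[str, Entry]) -> List[str]:
    """Names of entries that are not cleanly 'ok', including ones with no verdict."""
    return sorted(e.name for e in entries.values() if e.status != "ok")


def summary(entries: Dict[str, Entry]) -> Dict[str, int]:
    """Count of entries per status, e.g. {'ok': 2, 'detected': 1, 'unknown': 1}."""
    return dict(Counter(e.status for e in entries.values()))


# Constructed sample, assembled from line formats seen in this thread's log;
# Atmarpc intentionally has no "- ok" line to mimic a truncated log.
SAMPLE_LOG = r"""
10:19:02.0265 1748 ============================================================
10:19:02.0265 1748 Scan started
10:19:02.0265 1748 Mode: Manual; SigCheck; TDLFS;
10:19:03.0187 1748 ACPI (0cc42d1fb637112de6f6196ddaf83dec) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:19:04.0281 1748 ACPI - ok
10:19:04.0500 1748 adpu160m - ok
10:19:05.0953 1748 AtiHdmiService (92712e79daf6e0fecc6b85e23289385a) C:\WINDOWS\system32\drivers\AtiHdmi.sys
10:19:05.0984 1748 AtiHdmiService ( UnsignedFile.Multi.Generic ) - warning
10:19:05.0984 1748 AtiHdmiService - detected UnsignedFile.Multi.Generic (1)
10:19:06.0031 1748 Atmarpc (62d65fce5695b53a2ddf92e83111ea06) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print("summary:", summary(parsed))
    for name in needs_attention(parsed):
        e = parsed[name]
        print(f"{name}: {e.status} {e.verdicts} md5={e.md5} path={e.path}")
```

An entry flagged as UnsignedFile.Multi.Generic only means the driver lacks a valid digital signature (the Verify Driver Digital Signature option enables that check); it is not on its own a malware verdict, which is why the post above tells you to Skip rather than Delete such items unless instructed. Feeding a real log file in is a matter of `parse_tdsskiller_log(open(path, encoding="utf-8", errors="replace").read())`.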

#52
M2mouse

    Member

  • Topic Starter
  • Member
  • 144 posts
10:18:47.0687 3368 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
10:18:48.0390 3368 ============================================================
10:18:48.0390 3368 Current date / time: 2011/11/24 10:18:48.0390
10:18:48.0390 3368 SystemInfo:
10:18:48.0390 3368
10:18:48.0390 3368 OS Version: 5.2.3790 ServicePack: 2.0
10:18:48.0390 3368 Product type: Workstation
10:18:48.0390 3368 ComputerName: MITCH
10:18:48.0406 3368 UserName: Mitch
10:18:48.0406 3368 Windows directory: C:\WINDOWS
10:18:48.0406 3368 System windows directory: C:\WINDOWS
10:18:48.0406 3368 Running under WOW64
10:18:48.0406 3368 Processor architecture: Intel x64
10:18:48.0406 3368 Number of processors: 4
10:18:48.0406 3368 Page size: 0x1000
10:18:48.0406 3368 Boot type: Normal boot
10:18:48.0406 3368 ============================================================
10:18:49.0640 3368 Initialize success
10:19:02.0265 1748 ============================================================
10:19:02.0265 1748 Scan started
10:19:02.0265 1748 Mode: Manual; SigCheck; TDLFS;
10:19:02.0265 1748 ============================================================
10:19:03.0125 1748 Abiosdsk - ok
10:19:03.0187 1748 ACPI (0cc42d1fb637112de6f6196ddaf83dec) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:19:04.0281 1748 ACPI - ok
10:19:04.0359 1748 ACPIEC (a4d4f508bc6613442b0c32cde443e382) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:19:04.0453 1748 ACPIEC - ok
10:19:04.0500 1748 adpu160m - ok
10:19:04.0515 1748 adpu320 - ok
10:19:04.0562 1748 aec (92500bc3a6e241bbc357f532dd500a75) C:\WINDOWS\system32\drivers\aec.sys
10:19:04.0656 1748 aec - ok
10:19:04.0703 1748 AFD (69be58f000aa275e656611ef2919f3ce) C:\WINDOWS\System32\drivers\afd.sys
10:19:04.0750 1748 AFD - ok
10:19:04.0765 1748 aic78u2 - ok
10:19:04.0765 1748 aic78xx - ok
10:19:04.0781 1748 AliIde - ok
10:19:04.0781 1748 AmdIde - ok
10:19:04.0796 1748 AmdLLD64 (f5761675da9d15d7ae0e40907a8f4404) C:\WINDOWS\system32\DRIVERS\AmdLLD64.sys
10:19:04.0812 1748 AmdLLD64 - ok
10:19:04.0843 1748 AmdPPM64 (cce290f816a286a6632530da169f5545) C:\WINDOWS\system32\DRIVERS\AmdPPM64.sys
10:19:04.0890 1748 AmdPPM64 - ok
10:19:04.0921 1748 arc - ok
10:19:04.0953 1748 Arp1394 (fda73c1ecd1ec4f366ff0ab85abf816d) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:19:05.0031 1748 Arp1394 - ok
10:19:05.0078 1748 AsyncMac (7380acdd2d8e6621392e56d9a0467fe4) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:19:05.0156 1748 AsyncMac - ok
10:19:05.0218 1748 atapi (7a1814d0d112f50f828e25557a1ed29f) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:19:05.0265 1748 atapi - ok
10:19:05.0265 1748 Atdisk - ok
10:19:05.0468 1748 ati2mtag (0b1e1cc39fb5d0ddac9a66fd8f02570a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:19:05.0875 1748 ati2mtag - ok
10:19:05.0953 1748 AtiHdmiService (92712e79daf6e0fecc6b85e23289385a) C:\WINDOWS\system32\drivers\AtiHdmi.sys
10:19:05.0984 1748 AtiHdmiService ( UnsignedFile.Multi.Generic ) - warning
10:19:05.0984 1748 AtiHdmiService - detected UnsignedFile.Multi.Generic (1)
10:19:06.0031 1748 Atmarpc (62d65fce5695b53a2ddf92e83111ea06) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:19:06.0078 1748 Atmarpc - ok
10:19:06.0093 1748 audstub (1437089f59dba75fee4ed959077a938e) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:19:06.0171 1748 audstub - ok
10:19:06.0234 1748 AVGIDSEH (70bfa1fbb47b1c95f2a316d874149a1f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
10:19:06.0250 1748 AVGIDSEH - ok
10:19:06.0296 1748 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\WINDOWS\system32\DRIVERS\avgldx64.sys
10:19:06.0296 1748 Avgldx64 - ok
10:19:06.0343 1748 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\WINDOWS\system32\DRIVERS\avgmfx64.sys
10:19:06.0359 1748 Avgmfx64 - ok
10:19:06.0359 1748 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\WINDOWS\system32\DRIVERS\avgrkx64.sys
10:19:06.0359 1748 Avgrkx64 - ok
10:19:06.0390 1748 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\WINDOWS\system32\DRIVERS\avgtdia.sys
10:19:06.0406 1748 Avgtdia - ok
10:19:06.0437 1748 Beep (8ba2e5cdfde406dc4646afb894804844) C:\WINDOWS\system32\drivers\Beep.sys
10:19:06.0531 1748 Beep - ok
10:19:06.0562 1748 CdaC15BA (982563cf02cd6d4e5d8e0f4b5cbb9b6a) C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys
10:19:06.0640 1748 CdaC15BA - ok
10:19:06.0640 1748 CdaD10BA (9067d96899d98ca4535a76e8c8b2e3a5) C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys
10:19:06.0718 1748 CdaD10BA - ok
10:19:06.0734 1748 Cdfs (4d99e36322fb51a8d1b2b6d6b69d9889) C:\WINDOWS\system32\drivers\Cdfs.sys
10:19:06.0796 1748 Cdfs - ok
10:19:06.0828 1748 Cdrom (11663fe50e499ffee77979542b285f38) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:19:06.0890 1748 Cdrom - ok
10:19:06.0921 1748 Changer - ok
10:19:06.0937 1748 CmdIde - ok
10:19:06.0968 1748 crcdisk (423f7a6e3af4c2a73c8c8ad945f72cba) C:\WINDOWS\system32\DRIVERS\crcdisk.sys
10:19:07.0015 1748 crcdisk - ok
10:19:07.0031 1748 Disk (417d7b9c6f36685a417e54690f8bd7b2) C:\WINDOWS\system32\DRIVERS\disk.sys
10:19:07.0093 1748 Disk - ok
10:19:07.0125 1748 dmboot (19d704c92c2e2bd4dc99db18a3523918) C:\WINDOWS\system32\drivers\dmboot.sys
10:19:07.0171 1748 dmboot - ok
10:19:07.0187 1748 dmio (b293ce1c9243219f6b9e5dbcaa75b962) C:\WINDOWS\system32\drivers\dmio.sys
10:19:07.0265 1748 dmio - ok
10:19:07.0281 1748 dmload (c294e31d6cb7407a43c96ec1fec1f8a4) C:\WINDOWS\system32\drivers\dmload.sys
10:19:07.0343 1748 dmload - ok
10:19:07.0359 1748 dpti2o - ok
10:19:07.0375 1748 Fastfat (7c713b9f6f968f135d3d819492882cdd) C:\WINDOWS\system32\drivers\Fastfat.sys
10:19:07.0421 1748 Fastfat - ok
10:19:07.0453 1748 Fdc (7e35d423ff10ab5b8af1d3de86236690) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:19:07.0500 1748 Fdc - ok
10:19:07.0546 1748 Fips (73ea9000f8fb2e060954eb7c3377a3c7) C:\WINDOWS\system32\drivers\Fips.sys
10:19:07.0625 1748 Fips - ok
10:19:07.0671 1748 Flpydisk (8ac77974378eac3548330951a5deeebf) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:19:07.0718 1748 Flpydisk - ok
10:19:07.0765 1748 FltMgr (087db260f98056ac40261acae4240882) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:19:07.0812 1748 FltMgr - ok
10:19:07.0843 1748 Fs_Rec (70df80567a55a97894b4e8952ec5e7fc) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:19:07.0890 1748 Fs_Rec - ok
10:19:07.0921 1748 Ftdisk (e90aa7c073519dd8571670818cb85ccb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:19:07.0984 1748 Ftdisk - ok
10:19:08.0015 1748 Gpc (865d4d0b4e3730ef8040000cfb846d9f) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:19:08.0093 1748 Gpc - ok
10:19:08.0171 1748 HDAudBus (d36e47728cdbc8d17a77d36a6cbc29bb) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:19:08.0203 1748 HDAudBus - ok
10:19:08.0234 1748 hidusb (f32bec5614a61bbb2bede070d279f88b) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:19:08.0296 1748 hidusb - ok
10:19:08.0421 1748 HTTP (b54738df11d0e06072bf9c332db1d254) C:\WINDOWS\system32\Drivers\HTTP.sys
10:19:08.0531 1748 HTTP - ok
10:19:08.0531 1748 i2omgmt - ok
10:19:08.0578 1748 i8042prt (50fd608643d9b56c4c75c0784513f77e) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:19:08.0671 1748 i8042prt - ok
10:19:08.0671 1748 iirsp - ok
10:19:08.0703 1748 imapi (d2e541613b72ff9fcedf37b166930706) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:19:08.0765 1748 imapi - ok
10:19:08.0890 1748 IntcAzAudAddService (b24e253c0b9fab48cd5b93fd1da2829d) C:\WINDOWS\system32\drivers\RTKHDA64.SYS
10:19:09.0078 1748 IntcAzAudAddService - ok
10:19:09.0109 1748 IntelIde - ok
10:19:09.0140 1748 Ip6Fw (6601a43ee389d0adb11aaede9a98036b) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:19:09.0218 1748 Ip6Fw - ok
10:19:09.0250 1748 IpFilterDriver (1b1b4654a5492a42d2e1bf5b2b22d32b) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:19:09.0312 1748 IpFilterDriver - ok
10:19:09.0312 1748 IpInIp - ok
10:19:09.0343 1748 IpNat (088ecb04137df1f52ec10c29d57a8cca) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:19:09.0421 1748 IpNat - ok
10:19:09.0468 1748 IPSec (db841ec6f027c780002ef47aabfddf86) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:19:09.0562 1748 IPSec - ok
10:19:09.0625 1748 irda (372fd41360303914ff9a6b4175a5509e) C:\WINDOWS\system32\DRIVERS\irda.sys
10:19:09.0671 1748 irda - ok
10:19:09.0703 1748 IRENUM (8b7015ea0171242cca03c2fb48ccc771) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:19:09.0734 1748 IRENUM - ok
10:19:09.0781 1748 irsir (1d821952457697bd165bda89fb84c677) C:\WINDOWS\system32\DRIVERS\irsir.sys
10:19:09.0843 1748 irsir - ok
10:19:09.0890 1748 isapnp (d994162e4d8e931fc16a892a87852bbb) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:19:09.0937 1748 isapnp - ok
10:19:09.0968 1748 Kbdclass (e85095372008a9194c7ed6206cb782da) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:19:10.0046 1748 Kbdclass - ok
10:19:10.0078 1748 kbdhid (f96d8cec38efd64aaf41976d214fc54e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:19:10.0156 1748 kbdhid - ok
10:19:10.0234 1748 kmixer (1b280b3b4c10cc2e3ec3aec17eb6b658) C:\WINDOWS\system32\drivers\kmixer.sys
10:19:10.0296 1748 kmixer - ok
10:19:10.0343 1748 KSecDD (4d9faef159d1e704d3d8986b6831838b) C:\WINDOWS\system32\drivers\KSecDD.sys
10:19:10.0421 1748 KSecDD - ok
10:19:10.0421 1748 ksthunk (5cb302b6caace41af70c34b56eb3db23) C:\WINDOWS\system32\drivers\ksthunk.sys
10:19:10.0484 1748 ksthunk - ok
10:19:10.0531 1748 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\WINDOWS\system32\drivers\mbam.sys
10:19:10.0531 1748 MBAMProtector - ok
10:19:10.0562 1748 mnmdd (ad6bc1efa0c1b53409947f06de87fc89) C:\WINDOWS\system32\drivers\mnmdd.sys
10:19:10.0640 1748 mnmdd - ok
10:19:10.0687 1748 Modem (9a67a96a0cbc2bc658abf8c9b5ee065a) C:\WINDOWS\system32\drivers\Modem.sys
10:19:10.0765 1748 Modem - ok
10:19:10.0796 1748 Mouclass (12acf32edf03e46805347817acb9f64c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:19:10.0875 1748 Mouclass - ok
10:19:10.0906 1748 mouhid (a0c4e4a79c5d6f418315c33177f2b5bc) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:19:10.0984 1748 mouhid - ok
10:19:10.0984 1748 MountMgr (7e9cc7e4282a8e7a480560a6f817c177) C:\WINDOWS\system32\drivers\MountMgr.sys
10:19:11.0031 1748 MountMgr - ok
10:19:11.0046 1748 mraid35x - ok
10:19:11.0078 1748 MRxDAV (3d33208e5a7414d8633d34d24f119173) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:19:11.0093 1748 MRxDAV - ok
10:19:11.0140 1748 MRxSmb (9385e695b33068b90cf419186ecaa3de) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:19:11.0218 1748 MRxSmb - ok
10:19:11.0281 1748 Msfs (983f4ab7a50d56cd33e2061ee733bd55) C:\WINDOWS\system32\drivers\Msfs.sys
10:19:11.0359 1748 Msfs - ok
10:19:11.0406 1748 MSKSSRV (308ec6fbef38871cb2c4cace9c8f4808) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:19:11.0484 1748 MSKSSRV - ok
10:19:11.0484 1748 MSPCLOCK (8d3226738479719aab3b6d2617d7a55c) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:19:11.0546 1748 MSPCLOCK - ok
10:19:11.0562 1748 MSPQM (058d63e8d000ae678d4549bfa8eb0deb) C:\WINDOWS\system32\drivers\MSPQM.sys
10:19:11.0625 1748 MSPQM - ok
10:19:11.0656 1748 mssmbios (5992d1f9ed64017a76afee2b79f5cfb9) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:19:11.0718 1748 mssmbios - ok
10:19:11.0734 1748 Mup (5902c8e565fe346076786f43103ef02e) C:\WINDOWS\system32\drivers\Mup.sys
10:19:11.0750 1748 Mup - ok
10:19:11.0781 1748 NDIS (6fe83d05aebef7930d7ce91568dc99df) C:\WINDOWS\system32\drivers\NDIS.sys
10:19:11.0875 1748 NDIS - ok
10:19:12.0015 1748 NdisTapi (389cfab53aa9807ea4536cb0b03609c3) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:19:12.0062 1748 NdisTapi - ok
10:19:12.0093 1748 Ndisuio (49c1207c1ae8c6958f1c1747132814c2) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:19:12.0156 1748 Ndisuio - ok
10:19:12.0203 1748 NdisWan (6157a7aeae6d2b948ff2e872ffac765b) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:19:12.0250 1748 NdisWan - ok
10:19:12.0265 1748 NDProxy (01b8acf7c9afa9005db6378077137bce) C:\WINDOWS\system32\drivers\NDProxy.sys
10:19:12.0281 1748 NDProxy - ok
10:19:12.0312 1748 NetBIOS (b1cee06471a069149b11fada23ff00fd) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:19:12.0359 1748 NetBIOS - ok
10:19:12.0390 1748 NetBT (fedaafb6cd700b9e0787c94d81c07db5) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:19:12.0468 1748 NetBT - ok
10:19:12.0593 1748 NIC1394 (dafc30299e872cd7ed3795ea0fa08f67) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:19:12.0671 1748 NIC1394 - ok
10:19:12.0671 1748 Npfs (81819038621a2c524781ec503d400287) C:\WINDOWS\system32\drivers\Npfs.sys
10:19:12.0718 1748 Npfs - ok
10:19:12.0781 1748 Ntfs (c8904b5f90ab2236692e83d491c4d426) C:\WINDOWS\system32\drivers\Ntfs.sys
10:19:12.0890 1748 Ntfs - ok
10:19:12.0921 1748 Null (501039187c444fa7ab9d97b6a6c667b3) C:\WINDOWS\system32\drivers\Null.sys
10:19:12.0968 1748 Null - ok
10:19:13.0046 1748 ohci1394 (f8160ac8ae516a33221427c2353a7d12) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:19:13.0109 1748 ohci1394 - ok
10:19:13.0140 1748 Parport (7ddaa09186da9f1d304e819b5a6bbc5a) C:\WINDOWS\system32\drivers\Parport.sys
10:19:13.0203 1748 Parport - ok
10:19:13.0218 1748 PartMgr (5f9a703240468a0c35a629d17ffca847) C:\WINDOWS\system32\drivers\PartMgr.sys
10:19:13.0265 1748 PartMgr - ok
10:19:13.0265 1748 PCI (5b2c8d6971d8df4937c2fa013cd4c00d) C:\WINDOWS\system32\DRIVERS\pci.sys
10:19:13.0312 1748 PCI - ok
10:19:13.0328 1748 PCIIde (f1978c7849a0047306db3b8bb94f0764) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:19:13.0375 1748 PCIIde - ok
10:19:13.0406 1748 Pcmcia (037f3a19f49a4c6a320c4154ebd6ee9d) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:19:13.0484 1748 Pcmcia - ok
10:19:13.0484 1748 PDCOMP - ok
10:19:13.0484 1748 PDFRAME - ok
10:19:13.0500 1748 PDRELI - ok
10:19:13.0500 1748 PDRFRAME - ok
10:19:13.0531 1748 PptpMiniport (e176f640ee6bf550f61faa9ce9a683f4) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:19:13.0578 1748 PptpMiniport - ok
10:19:13.0593 1748 Processor (1f6afb4d9ccf57ff90eb4932b672d1e6) C:\WINDOWS\system32\DRIVERS\processr.sys
10:19:13.0640 1748 Processor - ok
10:19:13.0671 1748 PSched (01aae06e543c0956ac247546a8f2dafe) C:\WINDOWS\system32\DRIVERS\psched.sys
10:19:13.0734 1748 PSched - ok
10:19:13.0796 1748 Ptilink (35e39a969d227c2a56c1dc98361d8e35) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:19:13.0843 1748 Ptilink - ok
10:19:13.0859 1748 RasAcd (d646a315e6386dac1d96c8ce8a4bfee7) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:19:13.0906 1748 RasAcd - ok
10:19:13.0921 1748 Rasirda (45439f9f470dfcb96709d6f38baf9102) C:\WINDOWS\system32\DRIVERS\rasirda.sys
10:19:13.0984 1748 Rasirda - ok
10:19:14.0015 1748 Rasl2tp (d81fdc53ee9c0f68d709e504342d1d74) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:19:14.0078 1748 Rasl2tp - ok
10:19:14.0109 1748 RasPppoe (31fa5ab662c58cc5cf92396224f6b29a) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:19:14.0187 1748 RasPppoe - ok
10:19:14.0218 1748 Raspti (701493f9a6ede759af8d3fa7c08bab3b) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:19:14.0265 1748 Raspti - ok
10:19:14.0359 1748 Rdbss (f1c8347f0e437e145b2e30a6f29e45bd) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:19:14.0406 1748 Rdbss - ok
10:19:14.0406 1748 RDPCDD (c013379d04060318c3b2e4967d82739a) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:19:14.0484 1748 RDPCDD - ok
10:19:14.0531 1748 rdpdr (0482a9be0be2098a12a61464306bf24b) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:19:14.0625 1748 rdpdr - ok
10:19:14.0656 1748 RDPWD (a7b23272893f8c98c74b3a2fa54a9491) C:\WINDOWS\system32\drivers\RDPWD.sys
10:19:14.0671 1748 RDPWD - ok
10:19:14.0734 1748 redbook (1d793394201000d2d56e848c18fe9a62) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:19:14.0781 1748 redbook - ok
10:19:14.0921 1748 SANDRA (5efbbfcc6adac121c8e2fe76641ed329) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x64\Sandra.sys
10:19:14.0921 1748 SANDRA - ok
10:19:14.0968 1748 Secdrv (3ea8a16169c26afbeb544e0e48421186) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:19:15.0015 1748 Secdrv - ok
10:19:15.0031 1748 serenum (111b29f3fcf9fb61c903a01e3706f7dc) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:19:15.0093 1748 serenum - ok
10:19:15.0125 1748 Serial (c0dc97399576fccff5fe877ec2d8dacc) C:\WINDOWS\system32\DRIVERS\serial.sys
10:19:15.0171 1748 Serial - ok
10:19:15.0234 1748 Sfloppy (c6eacc8920a31b8d5842d1f7a28e2113) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:19:15.0296 1748 Sfloppy - ok
10:19:15.0328 1748 Si3132r5 (1a7335ddaac8cda00db03491f353814e) C:\WINDOWS\system32\DRIVERS\Si3132r5.sys
10:19:15.0343 1748 Si3132r5 - ok
10:19:15.0359 1748 SiFilter (9b692a9ec9d187548ac5d04e2a8cafb8) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
10:19:15.0359 1748 SiFilter - ok
10:19:15.0359 1748 Simbad - ok
10:19:15.0375 1748 SiRemFil (156eb53760a64ce26d615ca5352fb50a) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
10:19:15.0375 1748 SiRemFil - ok
10:19:15.0437 1748 speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\WINDOWS\SysWOW64\speedfan.sys
10:19:15.0453 1748 speedfan - ok
10:19:15.0484 1748 splitter (17ec29105989101db536c49e1279a0eb) C:\WINDOWS\system32\drivers\splitter.sys
10:19:15.0546 1748 splitter - ok
10:19:15.0562 1748 sr (dae1d5553d42a06034001d6ef4f5cb36) C:\WINDOWS\system32\DRIVERS\sr.sys
10:19:15.0609 1748 sr - ok
10:19:15.0671 1748 Srv (2a08328562d0ba596b699eeb90b511d1) C:\WINDOWS\system32\DRIVERS\srv.sys
10:19:15.0796 1748 Srv - ok
10:19:15.0859 1748 swenum (b6536185feeb8f0c86ad3bf2fbab4f2f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:19:15.0921 1748 swenum - ok
10:19:15.0953 1748 swmidi (8e9e35b36a27ad154a5f92397cde343c) C:\WINDOWS\system32\drivers\swmidi.sys
10:19:16.0015 1748 swmidi - ok
10:19:16.0031 1748 symc8xx - ok
10:19:16.0046 1748 symmpi - ok
10:19:16.0046 1748 sym_hi - ok
10:19:16.0046 1748 sym_u3 - ok
10:19:16.0078 1748 sysaudio (2e843f129daf4c789df7acd40e26208f) C:\WINDOWS\system32\drivers\sysaudio.sys
10:19:16.0140 1748 sysaudio - ok
10:19:16.0187 1748 Tcpip (34d970b38e9e835009e1ad07c5422b58) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:19:16.0203 1748 Tcpip - ok
10:19:16.0265 1748 TDPIPE (da1e9cd22238fa4db565ef41c7312e1b) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:19:16.0312 1748 TDPIPE - ok
10:19:16.0328 1748 TDTCP (47d24ebb1c442dcc18d89b8b89bafb49) C:\WINDOWS\system32\drivers\TDTCP.sys
10:19:16.0375 1748 TDTCP - ok
10:19:16.0390 1748 TermDD (8ab9ad44907d4c57ad10e175c8720ecf) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:19:16.0468 1748 TermDD - ok
10:19:16.0515 1748 TosIde - ok
10:19:16.0578 1748 Udfs (a6dd2dfcc44ec61d18aa645620cd8f63) C:\WINDOWS\system32\drivers\Udfs.sys
10:19:16.0640 1748 Udfs - ok
10:19:16.0671 1748 ultra - ok
10:19:16.0687 1748 Update (70ca9db8119fff67d9938f2ab2b8d50c) C:\WINDOWS\system32\DRIVERS\update.sys
10:19:16.0765 1748 Update - ok
10:19:16.0812 1748 usbccgp (3421b0691a0e365a020836369a296f0c) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:19:16.0859 1748 usbccgp - ok
10:19:16.0890 1748 usbehci (ae6521a1c79fc955ff26be9ca5521b51) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:19:16.0953 1748 usbehci - ok
10:19:16.0984 1748 usbhub (d63cb1b59d54f9c2bb8a4107584a664f) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:19:17.0062 1748 usbhub - ok
10:19:17.0109 1748 usbohci (fa9c0d7c2dc899d3e7c2a8721d17a3f8) C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:19:17.0156 1748 usbohci - ok
10:19:17.0187 1748 usbscan (280894f834f5b9910dadff7568f37b31) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:19:17.0234 1748 usbscan - ok
10:19:17.0265 1748 USBSTOR (edce8a162e8023fd1751e08e23e41948) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:19:17.0328 1748 USBSTOR - ok
10:19:17.0390 1748 vga (b40cfd2ffdd838b0ce0c35ee449407bd) C:\WINDOWS\system32\DRIVERS\vgapnp.sys
10:19:17.0437 1748 vga - ok
10:19:17.0437 1748 VgaSave (78ebfe6f11f10db8237b910e9158ca91) C:\WINDOWS\System32\drivers\vga.sys
10:19:17.0484 1748 VgaSave - ok
10:19:17.0531 1748 ViaIde - ok
10:19:17.0562 1748 VolSnap (fd6d28d1bbf31c719d9c5ec2d20fb5c2) C:\WINDOWS\system32\DRIVERS\volsnap.sys
10:19:17.0625 1748 VolSnap - ok
10:19:17.0671 1748 Wanarp (d2a01d73fe4a455c1d741b48c56763b2) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:19:17.0718 1748 Wanarp - ok
10:19:17.0718 1748 WDICA - ok
10:19:17.0765 1748 wdmaud (daff7e89c84079022b9606f83e1bd29a) C:\WINDOWS\system32\drivers\wdmaud.sys
10:19:17.0812 1748 wdmaud - ok
10:19:17.0812 1748 WINFLASH64 - ok
10:19:17.0843 1748 WmiAcpi (ea6a8317c29120ede0e422286712d769) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:19:17.0906 1748 WmiAcpi - ok
10:19:17.0953 1748 WudfPf (3f98a4e57933963cf2a941bb48f9d47a) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:19:18.0000 1748 WudfPf - ok
10:19:18.0000 1748 WudfRd (881c0c35cdd09077b0e95ec2269cb44c) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:19:18.0031 1748 WudfRd - ok
10:19:18.0062 1748 yukonx64 (ad1a964bf17c7d1b93eeed96f3a6eb4a) C:\WINDOWS\system32\DRIVERS\yk51x64.sys
10:19:18.0109 1748 yukonx64 - ok
10:19:18.0109 1748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:19:18.0187 1748 \Device\Harddisk0\DR0 - ok
10:19:18.0203 1748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
10:19:18.0375 1748 \Device\Harddisk1\DR1 - ok
10:19:18.0375 1748 Boot (0x1200) (a2c2af1e5255587a8522b82aead7859f) \Device\Harddisk0\DR0\Partition0
10:19:18.0375 1748 \Device\Harddisk0\DR0\Partition0 - ok
10:19:18.0375 1748 Boot (0x1200) (58b651fd3518000a71252b0f8b7ef901) \Device\Harddisk1\DR1\Partition0
10:19:18.0375 1748 \Device\Harddisk1\DR1\Partition0 - ok
10:19:18.0375 1748 ============================================================
10:19:18.0375 1748 Scan finished
10:19:18.0375 1748 ============================================================
10:19:18.0515 3560 Detected object count: 1
10:19:18.0515 3560 Actual detected object count: 1
10:19:30.0890 3560 AtiHdmiService ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:30.0890 3560 AtiHdmiService ( UnsignedFile.Multi.Generic ) - User select action: Skip
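The driver listing above is TDSSKiller-style output: one line per checked driver carrying its MD5 and path, a separate "- ok" verdict line, and, after the summary, any detections together with the action the user chose. The Python script below is an added example written for this page (it is not part of the thread and not code from the TDSSKiller tool). It parses those three line shapes and pulls out what a helper reading such a log looks for first: detections that were skipped rather than cleaned, and drivers loaded from somewhere other than the usual drivers directory, which are worth a second look even when marked ok. The sample lines are copied from the log above; the "standard directory" rule is an assumption of the example, not something the tool reports.

```python
"""Triage a TDSSKiller-style driver scan log (added example, not part of the
thread or of the TDSSKiller tool).

Line shapes handled, as seen in the log above:
  <time> <pid> <name> (<md5>) <path>             a file that was checked
  <time> <pid> <name> - ok                       clean verdict for <name>
  <time> <pid> <name> ( <verdict> ) - <status>   a detection and what happened
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - (?P<status>.+)$")
OK_RE = re.compile(r"^(?P<name>.+) - ok$")
DRIVE_RE = re.compile(r"^[a-z]:\\")

# Assumption of this example: kernel drivers normally live here. Anything on a
# local drive outside it is flagged for review; that is a heuristic, not a verdict.
STANDARD_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"

# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
10:19:07.0765 1748 FltMgr (087db260f98056ac40261acae4240882) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:19:07.0812 1748 FltMgr - ok
10:19:08.0531 1748 i2omgmt - ok
10:19:14.0921 1748 SANDRA (5efbbfcc6adac121c8e2fe76641ed329) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x64\Sandra.sys
10:19:14.0921 1748 SANDRA - ok
10:19:15.0437 1748 speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\WINDOWS\SysWOW64\speedfan.sys
10:19:15.0453 1748 speedfan - ok
10:19:18.0109 1748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:19:18.0187 1748 \Device\Harddisk0\DR0 - ok
10:19:18.0515 3560 Detected object count: 1
10:19:30.0890 3560 AtiHdmiService ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:30.0890 3560 AtiHdmiService ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""


@dataclass
class DriverEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None                     # e.g. "UnsignedFile.Multi.Generic"
    status: List[str] = field(default_factory=list)   # "ok", "skipped by user", ...


def parse_log(text: str) -> Dict[str, DriverEntry]:
    """Fold the per-line records into one entry per driver name."""
    entries: Dict[str, DriverEntry] = {}

    def entry_for(name: str) -> DriverEntry:
        # Boot-sector "- ok" lines are keyed by device path rather than by the
        # name used on the hash line, so fall back to a lookup by path.
        if name not in entries:
            for e in entries.values():
                if e.path == name:
                    return e
        return entries.setdefault(name, DriverEntry(name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # blank or non-record line
        rest = m["rest"]
        fm = FILE_RE.match(rest)
        if fm:
            e = entry_for(fm["name"])
            e.md5, e.path = fm["md5"], fm["path"]
            continue
        dm = DETECT_RE.match(rest)
        if dm:
            e = entry_for(dm["name"])
            e.verdict = dm["verdict"]
            e.status.append(dm["status"])
            continue
        om = OK_RE.match(rest)
        if om:
            entry_for(om["name"]).status.append("ok")
    return entries


def triage(entries: Dict[str, DriverEntry]) -> List[Tuple[str, str, str]]:
    """Return (driver, finding_kind, detail) for everything worth a look."""
    findings: List[Tuple[str, str, str]] = []
    for e in entries.values():
        if e.verdict:
            # A detection the user skipped is still present on the machine;
            # the status list shows what, if anything, was done about it.
            findings.append((e.name, "detection", e.verdict + ": " + "; ".join(e.status)))
        if e.path:
            low = e.path.lower()
            if DRIVE_RE.match(low) and not low.startswith(STANDARD_DRIVER_DIR):
                findings.append((e.name, "nonstandard-path", e.path))
    return sorted(findings)


if __name__ == "__main__":
    for name, kind, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"{kind:18} {name:16} {detail}")
```

Run against the sample it reports the skipped AtiHdmiService detection and the two drivers outside the standard directory (the SiSoftware Sandra and SpeedFan drivers), and stays silent on everything else; boot-sector records use a device path rather than a drive letter and are left out of the path check on purpose.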

#53 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
I'm not really seeing anything malicious in your latest logs.

Please run this scan:


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts; it will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#54 M2mouse (Topic Starter, Member, 144 posts)
C:\System Volume Information\_restore{132E82D1-B687-4D27-8D00-D60F3B681627}\RP159\A0088334.exe multiple threats deleted - quarantined
C:\System Volume Information\_restore{132E82D1-B687-4D27-8D00-D60F3B681627}\RP162\A0090397.exe multiple threats deleted - quarantined
C:\System Volume Information\_restore{132E82D1-B687-4D27-8D00-D60F3B681627}\RP162\A0090414.exe Win32/PrcView application cleaned by deleting - quarantined
C:\System Volume Information\_restore{132E82D1-B687-4D27-8D00-D60F3B681627}\RP162\A0090417.exe Win32/Shutdown.NAA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{132E82D1-B687-4D27-8D00-D60F3B681627}\RP175\A0097293.exe Win32/PrcView application cleaned by deleting - quarantined

#55 M2mouse (Topic Starter, Member, 144 posts)
I do somewhat random and basic searches to check things out. I do searches for photos of things (WW2 stuff, cars). I did a search for info on a tank; the site checked out on AVG. When I went to the home page (for the article that I read) to see what else was on the site it was all ads. I think this may have been where I got the new malware. With that said I have picked up new malware twice now when using Google search. If I use Bing I don't seem to get any.

I have been very quiet on what I do online so I thought a little info would be helpful. I'm sure that the people that make malware check this site to probe for info. I was not trying to make things harder.

#56 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hi!

These items are in System Restore, and should be flushed out later.

C:\System Volume Information\_restore{132E82D1-B687-4D27-8D00-D60F3B681627}\RP159\A0088334.exe multiple threats deleted - quarantined
C:\System Volume Information\_restore{132E82D1-B687-4D27-8D00-D60F3B681627}\RP162\A0090397.exe multiple threats deleted - quarantined
C:\System Volume Information\_restore{132E82D1-B687-4D27-8D00-D60F3B681627}\RP162\A0090414.exe Win32/PrcView application cleaned by deleting - quarantined
C:\System Volume Information\_restore{132E82D1-B687-4D27-8D00-D60F3B681627}\RP162\A0090417.exe Win32/Shutdown.NAA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{132E82D1-B687-4D27-8D00-D60F3B681627}\RP175\A0097293.exe Win32/PrcView application cleaned by deleting - quarantined

If you perform the same search in Bing and go to the same website, do you see ads on that webpage, or does it display properly? Do these ads happen in a particular browser?

Can you take a screenshot for me the next time it happens?

Please take a screenshot of that window.
  • You can do this by pressing the PrintScreen key.
  • Then go to Start > All Programs > Accessories > Paint
  • In Paint, go up to Edit > Paste
  • Then Go up to File > Save As. Click the drop-down box to change the "Save As Type" to "JPEG", name it what you want, and save it where you want.
  • Then click Reply in this topic.
  • Scroll down to Attachments.
  • Click the Browse button.
  • Locate the file you just saved, click on it, then click Open.
  • Click Upload and submit the reply.
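The helper's point that these ESET hits are restore-point copies rather than live files can be checked mechanically. The script below is an added example (it is not from the thread and not ESET's own code) that parses result lines in the form shown in the post above, extracts the restore point number from paths under \System Volume Information\_restore{...}\RP<n>\, and separates those from files in live locations, which are the ones that would need attention before the restore points are cleared. The five restore-point lines are taken from the post; the sixth line, with a placeholder path and a placeholder threat name, is constructed so that the live-file branch is exercised.

```python
r"""Classify ESET Online Scanner result lines by where the file lived (added
example, not part of the thread or of ESET).

Each result line has the shape "<path> <threat> <action> - <outcome>". Paths
under \System Volume Information\_restore{GUID}\RP<n>\ are System Restore
snapshots: clearing restore points removes them, which is why they can wait.
"""
import re
from typing import Dict, List, NamedTuple, Optional

# Path runs up to the first "<name>.<ext>" followed by whitespace, so directory
# names containing spaces are kept together.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,4})\s+(?P<detail>.+?)\s+-\s+(?P<outcome>.+)$"
)
# Either the generic "multiple threats" wording or a "<platform>/<family>" name.
DETAIL_RE = re.compile(r"^(?P<threat>multiple threats|\S+/\S+)\s+(?P<action>.+)$")
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(?P<rp>\d+)\\"
)

# Constructed sample: the five lines reported in the post, plus one hypothetical
# live-file line (placeholder path and threat name, not from the page).
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{132E82D1-B687-4D27-8D00-D60F3B681627}\RP159\A0088334.exe multiple threats deleted - quarantined
C:\System Volume Information\_restore{132E82D1-B687-4D27-8D00-D60F3B681627}\RP162\A0090397.exe multiple threats deleted - quarantined
C:\System Volume Information\_restore{132E82D1-B687-4D27-8D00-D60F3B681627}\RP162\A0090414.exe Win32/PrcView application cleaned by deleting - quarantined
C:\System Volume Information\_restore{132E82D1-B687-4D27-8D00-D60F3B681627}\RP162\A0090417.exe Win32/Shutdown.NAA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{132E82D1-B687-4D27-8D00-D60F3B681627}\RP175\A0097293.exe Win32/PrcView application cleaned by deleting - quarantined
C:\Documents and Settings\PLACEHOLDER\Local Settings\Temp\placeholder.exe Win32/Placeholder.Example trojan cleaned by deleting - quarantined
"""


class Finding(NamedTuple):
    path: str
    threat: str
    action: str
    outcome: str
    restore_point: Optional[int]   # None when the file was not a restore-point copy


def parse_eset_report(text: str) -> List[Finding]:
    """Turn each result line into a Finding; lines that do not match are skipped."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line) if line else None
        if not m:
            continue
        d = DETAIL_RE.match(m["detail"])
        threat, action = (d["threat"], d["action"]) if d else ("unknown", m["detail"])
        rp = RESTORE_RE.search(m["path"])
        findings.append(Finding(m["path"], threat, action, m["outcome"],
                                int(rp["rp"]) if rp else None))
    return findings


def classify(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Split findings into restore-point copies and files in live locations."""
    buckets: Dict[str, List[Finding]] = {"restore_point": [], "live": []}
    for f in findings:
        buckets["restore_point" if f.restore_point is not None else "live"].append(f)
    return buckets


def restore_points_touched(findings: List[Finding]) -> List[int]:
    """Sorted, de-duplicated restore point numbers that held a detection."""
    return sorted({f.restore_point for f in findings if f.restore_point is not None})


if __name__ == "__main__":
    found = parse_eset_report(SAMPLE_REPORT)
    groups = classify(found)
    print(f"{len(groups['restore_point'])} in restore points {restore_points_touched(found)}, "
          f"{len(groups['live'])} in live locations")
    for f in groups["live"]:
        print("needs attention:", f.path, f.threat, f.action, f.outcome)
```

On the sample this puts all five of the poster's lines into the restore-point bucket (restore points 159, 162 and 175) and only the constructed placeholder line into the live bucket, which is the split the helper made by eye.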


#57 M2mouse (Topic Starter, Member, 144 posts)
Yes, on the Bing search the page is the way it should be.
I'll get a screen shot, but I don't like the idea.

The site is fine now, so I can't get the screen shot.

Edited by M2mouse, 26 November 2011 - 12:02 PM.


#58 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hi!

So are you experiencing any other issues with your machine right now?

#59 M2mouse (Topic Starter, Member, 144 posts)
As of right now it's all running fine.

#60 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

If you're not experiencing any other issues with your computer then the only thing we have to do is clean up our tools.

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.




OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Commands
    [ClearAllRestorePoints]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives.

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explorer more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be wary of e-mails from unknown senders. Keep the following in mind as well: if it's too good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Cheers,
SweetTech.