Google redirect infection. TDSSkiller does not start



#16
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Try rebooting your computer and see if your computer connects to the internet after the reboot.
  • 0



#17
SFAdad


    Member

  • Topic Starter
  • Member
  • 47 posts
I tried to reboot 2 times without any luck.
Here is the combofix log. I transferred the file to a flash drive.
Please let me know how to fix the connectivity problem.

ComboFix 11-12-05.04 - Michael 12/05/2011 19:53:29.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.327 [GMT -6:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Michael\Application Data\Adobe\plugs
c:\documents and settings\Michael\Application Data\Adobe\shed
c:\documents and settings\Michael\Application Data\EurekaLog
c:\documents and settings\Michael\Application Data\EurekaLog\EurekaLog.ini
c:\documents and settings\Michael\Local Settings\Application Data\{B0E51C96-8948-4D7E-B45D-AA755BF63616}
c:\documents and settings\Michael\Local Settings\Application Data\{B0E51C96-8948-4D7E-B45D-AA755BF63616}\chrome.manifest
c:\documents and settings\Michael\Local Settings\Application Data\{B0E51C96-8948-4D7E-B45D-AA755BF63616}\chrome\content\overlay.xul
c:\documents and settings\Michael\Local Settings\Application Data\{B0E51C96-8948-4D7E-B45D-AA755BF63616}\install.rdf
c:\windows\$NtUninstallKB51060$
c:\windows\$NtUninstallKB51060$\1849120444\@
c:\windows\$NtUninstallKB51060$\1849120444\L\hhxksefu
c:\windows\$NtUninstallKB51060$\1849120444\loader.tlb
c:\windows\$NtUninstallKB51060$\1849120444\U\@00000001
c:\windows\$NtUninstallKB51060$\1849120444\U\@000000c0
c:\windows\$NtUninstallKB51060$\1849120444\U\@000000cb
c:\windows\$NtUninstallKB51060$\1849120444\U\@000000cf
c:\windows\$NtUninstallKB51060$\1849120444\U\@80000000
c:\windows\$NtUninstallKB51060$\1849120444\U\@800000c0
c:\windows\$NtUninstallKB51060$\1849120444\U\@800000cb
c:\windows\$NtUninstallKB51060$\1849120444\U\@800000cf
c:\windows\$NtUninstallKB51060$\2348942476
c:\windows\CSC\d6
c:\windows\system32\
c:\windows\tsoc.log
.
.
((((((((((((((((((((((((( Files Created from 2011-11-06 to 2011-12-06 )))))))))))))))))))))))))))))))
.
.
2011-12-06 02:09 . 2011-12-06 02:09 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D0C3EFA1-3ED9-4F7F-B7FA-B541E2B6D0E1}\offreg.dll
2011-11-27 22:32 . 2011-11-27 22:33 -------- d-----w- c:\program files\ERUNT
2011-11-27 21:16 . 2011-11-27 21:16 -------- d--h--w- c:\windows\PIF
2011-11-27 00:29 . 2011-11-27 00:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-11-27 00:29 . 2011-11-27 00:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-11-27 00:29 . 2011-11-27 00:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-11-27 00:29 . 2011-11-27 00:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-11-27 00:29 . 2011-11-27 00:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-11-27 00:29 . 2011-11-27 00:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-11-27 00:29 . 2011-11-27 00:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-11-27 00:27 . 2011-11-27 00:29 -------- d-----w- c:\program files\QuickTime
2011-11-27 00:22 . 2011-11-27 00:22 -------- d-----w- c:\program files\Apple Software Update
2011-11-27 00:03 . 2011-11-27 00:03 -------- d-----w- c:\program files\Common Files\Java
2011-11-27 00:02 . 2011-11-27 00:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-26 22:31 . 2011-11-26 22:32 -------- d-----w- c:\program files\Common Files\Adobe
2011-11-26 22:27 . 2011-11-26 22:27 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-11-26 22:09 . 2011-11-26 22:09 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Secunia PSI
2011-11-26 22:08 . 2011-11-26 22:08 -------- d-----w- c:\program files\Secunia
2011-11-26 02:20 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 00:18 . 2011-06-06 04:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-27 00:00 . 2010-08-01 17:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-21 10:47 . 2011-10-16 00:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-16 00:43 . 2011-10-16 00:14 19618 ----a-w- C:\FixitRegBackup.reg
2011-10-10 14:22 . 2009-09-28 02:03 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 04:16 . 2011-10-07 04:16 71168 ----a-w- c:\windows\system32\pthreadVC2.dll
2011-10-07 04:16 . 2011-10-07 04:16 175104 ----a-w- c:\windows\system32\BayerSER00.dll
2011-10-07 04:16 . 2011-10-07 04:16 135680 ----a-w- c:\windows\system32\BayerHID00.dll
2011-10-07 04:16 . 2011-10-07 04:16 131584 ----a-w- c:\windows\system32\BayerHID01.dll
2011-10-07 04:16 . 2011-10-07 04:16 16896 ----a-w- c:\windows\system32\gihgbapi.dll
2011-10-07 04:16 . 2011-10-07 04:16 635904 ----a-w- c:\windows\system32\BMI.dll
2011-10-07 04:16 . 2011-10-07 04:16 147456 ----a-w- c:\windows\system32\BMI_jni.dll
2011-10-07 04:16 . 2011-10-07 04:16 57344 ----a-w- c:\windows\system32\jspWin.dll
2011-09-28 07:06 . 2001-08-18 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2001-08-18 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2001-08-18 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Michael\Start Menu\Programs\Startup\
_uninst_07480497.lnk - c:\documents and settings\Michael\Local Settings\Temp\_uninst_07480497.bat [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AddressBookReminderApp]
2009-09-04 06:44 144672 ----a-w- c:\program files\Nova Development\Photo Explosion\4.0\ReminderApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 18:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 13:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-06-11 19:28 312240 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-22 03:11 136176 ----atw- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2007-04-30 08:19 20480 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2007-06-11 19:27 291760 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 20:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-10-06 21:16 5058560 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-10-06 21:16 741376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MsMpSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"NVSvc"=2 (0x2)
"lxdd_device"=2 (0x2)
"lxddCATSCustConnectService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IntuitUpdateService"=2 (0x2)
"idsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"BayerHealthcareService"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Michael\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\Microsoft Security Client\\msseces.exe"=
"c:\\Documents and Settings\\Michael\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Michael\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [11/27/2011 4:36 PM 98392]
S1 fsjvegwy;fsjvegwy;\??\c:\windows\system32\drivers\fsjvegwy.sys --> c:\windows\system32\drivers\fsjvegwy.sys [?]
S1 hhasxjge;hhasxjge;\??\c:\windows\system32\drivers\hhasxjge.sys --> c:\windows\system32\drivers\hhasxjge.sys [?]
S1 MpKsl0617ef88;MpKsl0617ef88;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A766134C-D41B-4544-9F29-069BA45D1A4D}\MpKsl0617ef88.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A766134C-D41B-4544-9F29-069BA45D1A4D}\MpKsl0617ef88.sys [?]
S1 MpKsl06ed6f5f;MpKsl06ed6f5f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA9E7277-BFB9-4D8F-A527-02311B3C1ACC}\MpKsl06ed6f5f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA9E7277-BFB9-4D8F-A527-02311B3C1ACC}\MpKsl06ed6f5f.sys [?]
S1 MpKsl0e88bea7;MpKsl0e88bea7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{246CF86C-F05F-4DB4-BA1A-55DD35BA7579}\MpKsl0e88bea7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{246CF86C-F05F-4DB4-BA1A-55DD35BA7579}\MpKsl0e88bea7.sys [?]
S1 MpKsl1632a8c9;MpKsl1632a8c9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5CC6E32-BB1C-44D6-918C-389504EB909A}\MpKsl1632a8c9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5CC6E32-BB1C-44D6-918C-389504EB909A}\MpKsl1632a8c9.sys [?]
S1 MpKsl18a2f52a;MpKsl18a2f52a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6C5580FC-B737-4E35-9485-7C3E2B7D9C3E}\MpKsl18a2f52a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6C5580FC-B737-4E35-9485-7C3E2B7D9C3E}\MpKsl18a2f52a.sys [?]
S1 MpKsl1b8a4221;MpKsl1b8a4221;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7583F15D-F67D-45BF-B052-D4148FACAE8F}\MpKsl1b8a4221.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7583F15D-F67D-45BF-B052-D4148FACAE8F}\MpKsl1b8a4221.sys [?]
S1 MpKsl226751bd;MpKsl226751bd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9573C99-A99C-4A49-8AF7-AF91CFF6214A}\MpKsl226751bd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9573C99-A99C-4A49-8AF7-AF91CFF6214A}\MpKsl226751bd.sys [?]
S1 MpKsl364ba07e;MpKsl364ba07e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7B0952B-EDD5-4BB9-8DC3-D49C70D110B0}\MpKsl364ba07e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7B0952B-EDD5-4BB9-8DC3-D49C70D110B0}\MpKsl364ba07e.sys [?]
S1 MpKsl3d592a4c;MpKsl3d592a4c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B973FDD7-292D-4FC4-8FBC-EBEE60831CAC}\MpKsl3d592a4c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B973FDD7-292D-4FC4-8FBC-EBEE60831CAC}\MpKsl3d592a4c.sys [?]
S1 MpKsl59af7a83;MpKsl59af7a83;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F7C463E-46B9-4BA8-9590-6558D22BB782}\MpKsl59af7a83.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F7C463E-46B9-4BA8-9590-6558D22BB782}\MpKsl59af7a83.sys [?]
S1 MpKsl66b9d3dd;MpKsl66b9d3dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D6D6F3B-0DDF-42B5-9DBB-2C0CF5B346C5}\MpKsl66b9d3dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D6D6F3B-0DDF-42B5-9DBB-2C0CF5B346C5}\MpKsl66b9d3dd.sys [?]
S1 MpKsl795b3257;MpKsl795b3257;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9573C99-A99C-4A49-8AF7-AF91CFF6214A}\MpKsl795b3257.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9573C99-A99C-4A49-8AF7-AF91CFF6214A}\MpKsl795b3257.sys [?]
S1 MpKsl7a1518f7;MpKsl7a1518f7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE157C62-AD1C-4074-BD61-BC48F9DA6558}\MpKsl7a1518f7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE157C62-AD1C-4074-BD61-BC48F9DA6558}\MpKsl7a1518f7.sys [?]
S1 MpKsl813291dd;MpKsl813291dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{49104C37-2012-4B04-81AA-A0B9DCD8A586}\MpKsl813291dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{49104C37-2012-4B04-81AA-A0B9DCD8A586}\MpKsl813291dd.sys [?]
S1 MpKsl8bae7dae;MpKsl8bae7dae;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E8442B3-C3F0-4F26-8C56-8D0D6B71763A}\MpKsl8bae7dae.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E8442B3-C3F0-4F26-8C56-8D0D6B71763A}\MpKsl8bae7dae.sys [?]
S1 MpKsl982f2c49;MpKsl982f2c49;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D68FA761-C321-40CE-9B38-67BEF058D8BC}\MpKsl982f2c49.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D68FA761-C321-40CE-9B38-67BEF058D8BC}\MpKsl982f2c49.sys [?]
S1 MpKsl9a7b33cc;MpKsl9a7b33cc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE157C62-AD1C-4074-BD61-BC48F9DA6558}\MpKsl9a7b33cc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE157C62-AD1C-4074-BD61-BC48F9DA6558}\MpKsl9a7b33cc.sys [?]
S1 MpKsl9c483b10;MpKsl9c483b10;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5D647E1-478B-46CB-9797-EAC433A554C4}\MpKsl9c483b10.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5D647E1-478B-46CB-9797-EAC433A554C4}\MpKsl9c483b10.sys [?]
S1 MpKsla4906b45;MpKsla4906b45;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5064DBFA-2361-41A9-A1F3-DE2A0DBE0E11}\MpKsla4906b45.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5064DBFA-2361-41A9-A1F3-DE2A0DBE0E11}\MpKsla4906b45.sys [?]
S1 MpKsla9703b52;MpKsla9703b52;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5FC4A6F-CF2A-48ED-87BD-A1E7F618FEC1}\MpKsla9703b52.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5FC4A6F-CF2A-48ED-87BD-A1E7F618FEC1}\MpKsla9703b52.sys [?]
S1 MpKsla9b08bf0;MpKsla9b08bf0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FB931A81-5422-4359-8EB0-C773CC1CD92D}\MpKsla9b08bf0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FB931A81-5422-4359-8EB0-C773CC1CD92D}\MpKsla9b08bf0.sys [?]
S1 MpKsld3e69799;MpKsld3e69799;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41E6A929-A815-4CB0-B9B4-C0D5DB33EB13}\MpKsld3e69799.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41E6A929-A815-4CB0-B9B4-C0D5DB33EB13}\MpKsld3e69799.sys [?]
S1 MpKsle075501e;MpKsle075501e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3E9F2C2-A0AB-43A1-A713-230C884C259F}\MpKsle075501e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3E9F2C2-A0AB-43A1-A713-230C884C259F}\MpKsle075501e.sys [?]
S1 MpKslef8c53de;MpKslef8c53de;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9573C99-A99C-4A49-8AF7-AF91CFF6214A}\MpKslef8c53de.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9573C99-A99C-4A49-8AF7-AF91CFF6214A}\MpKslef8c53de.sys [?]
S1 MpKslf563474a;MpKslf563474a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C629196-7995-45EB-8056-E9C95EC55866}\MpKslf563474a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C629196-7995-45EB-8056-E9C95EC55866}\MpKslf563474a.sys [?]
S1 nmioocsj;nmioocsj;\??\c:\windows\system32\drivers\nmioocsj.sys --> c:\windows\system32\drivers\nmioocsj.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 2:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 12:01 AM 994360]
S4 BayerHealthcareService;BayerHealthcareService;c:\program files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe [6/1/2011 3:10 PM 128120]
S4 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S4 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [5/25/2007 3:41 AM 99248]
S4 REGHOOK;REGHOOK;\??\c:\windows\System32\Drivers\REGHOOK.SYS --> c:\windows\System32\Drivers\REGHOOK.SYS [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003Core.job
- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-22 03:11]
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003UA.job
- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-22 03:11]
.
2011-12-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2011-12-05 c:\windows\Tasks\User_Feed_Synchronization-{0EDDE299-1EBA-45EC-84F0-14472A8C02E8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
Trusted Zone: intuit.com\ttlc
Trusted Zone: intuit.com\turbotaxweb.turbotaxonline
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DVDLauncher - c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-05 20:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1488)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-05 20:20:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-06 02:20
.
Pre-Run: 27,387,498,496 bytes free
Post-Run: 27,755,667,456 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /bootlog
.
- - End Of File - - 1A1DB86DC9354DF6E08836CCF7F6A67C
  • 0

#18
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Please perform the following steps:

  • Click on the Start button.
  • Click on the Settings menu option.
  • Click on the Control Panel option.
  • When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
  • You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
  • You will now see a menu similar to the image below. Simply click on the Repair menu option.

    Posted Image
  • Let the repair process perform its tasks and when it has finished, your Internet connection should be working again.
Alternatively, if your network icon also appears on the Windows taskbar, then you can repair it by right-clicking on the icon and selecting Repair as shown below.


Has your internet connection been restored?
  • 0

#19
SFAdad


    Member

  • Topic Starter
  • Member
  • 47 posts
Tried your suggestion but still no connectivity. When I click Repair I get the following error.
"Windows could not finish repairing the problem because the following action could not be completed: Renewing your IP address."

When I check the status it just says "Acquiring network address."
  • 0

#20
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

On the clean computer:

  • Please download Panda USB Vaccine (you must provide a valid e-mail address and they will send a download link to it) to your desktop.
  • Install and run the program.
    • Double-click on the file USBVaccine.zip located on your desktop.
    • A file viewer will open. Double-click on the file USBVaccineSetup.exe. Please select Yes if you are asked if you want to allow the program to make changes to the computer.
    • Follow the steps on screen to install the program on your computer.
  • Plug in your USB drive and click on Vaccinate USB and Vaccinate Computer.

Step 2

On the clean computer:

Download the Vipre removal tool found here to your flash drive. Transfer it to the infected PC and then run it.


Step 3

On the clean computer:

1. Open notepad and copy/paste the text in the codebox below into it:

File:: 
c:\windows\system32\drivers\fsjvegwy.sys 
c:\windows\system32\drivers\hhasxjge.sys 
c:\windows\system32\drivers\nmioocsj.sys 
c:\windows\system32\drivers\0918719drv.sys
c:\windows\system32\drivers\67056705.sys
c:\windows\system32\drivers\07480497.sys
c:\windows\system32\drivers\72837606.sys
c:\windows\system32\drivers\47053021.sys
c:\windows\system32\drivers\utqxnjc1.sys
c:\Documents and Settings\Michael\Local Settings\Temp\_uninst_07480497.bat
c:\Documents and Settings\Michael\Start Menu\Programs\Startup\_uninst_07480497.lnk
c:\Documents and Settings\Michael\Local Settings\Temp\_uninst_34577397.bat
c:\Documents and Settings\Michael\Start Menu\Programs\Startup\_uninst_34577397.lnk

Driver::
fsjvegwy
hhasxjge
nmioocsj
0918719drv
67056705
07480497
72837606
47053021
utqxnjc1


Save this as CFScript.txt to your flash drive and then transfer it to the infected PC. Save it in the same place as ComboFix.exe.

2. Close any open browsers.

3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step 4

On the infected PC:

  • Go to Start > Run.
  • Type cmd in the Run box.
  • In the window that appears, type netsh winsock reset
  • When the program is finished, you will receive the message: "Successfully reset the Winsock Catalog."
  • Close the command box and reboot the computer.

    When the computer has rebooted:
  • Go to Start > Run.
  • Type cmd in the Run box.
  • In the window that appears, type ipconfig /flushdns
  • Close the command box and reboot your computer.
Has your internet connection been restored?


Things I want to see in your next reply

  • ComboFix.txt
  • Update on internet problem

  • 0
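How the three driver names in the CFScript above that also appear in the post #17 log can be picked out of its service list, as an added illustration that is not part of the thread or of ComboFix. The reading of the `R`/`S` letter and start digit, the reading of `[?]` as "image details unreadable", and the three buckets are assumptions of this example; its output is a list for a helper to review, not a removal script.

```python
import re
from typing import NamedTuple

# Service lines copied from the ComboFix log in post #17 of this thread.
SAMPLE_LOG = r"""
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [11/27/2011 4:36 PM 98392]
S1 fsjvegwy;fsjvegwy;\??\c:\windows\system32\drivers\fsjvegwy.sys --> c:\windows\system32\drivers\fsjvegwy.sys [?]
S1 hhasxjge;hhasxjge;\??\c:\windows\system32\drivers\hhasxjge.sys --> c:\windows\system32\drivers\hhasxjge.sys [?]
S1 MpKsl0617ef88;MpKsl0617ef88;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A766134C-D41B-4544-9F29-069BA45D1A4D}\MpKsl0617ef88.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A766134C-D41B-4544-9F29-069BA45D1A4D}\MpKsl0617ef88.sys [?]
S1 nmioocsj;nmioocsj;\??\c:\windows\system32\drivers\nmioocsj.sys --> c:\windows\system32\drivers\nmioocsj.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 2:30 AM 15544]
S4 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S4 REGHOOK;REGHOOK;\??\c:\windows\System32\Drivers\REGHOOK.SYS --> c:\windows\System32\Drivers\REGHOOK.SYS [?]
"""

# <state><start> <name>;<display name>;<image path>[ --> <resolved path>] [<details or ?>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)

DRIVERS_DIR = "\\system32\\drivers\\"
MSE_DIR = "\\microsoft antimalware\\definition updates\\"


class Service(NamedTuple):
    name: str
    running: bool   # assumed reading: R = running, S = stopped
    start: int      # assumed reading: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    path: str
    missing: bool   # "[?]": no date/size could be read for the image


def parse_services(log_text):
    """Turn the service lines of a ComboFix log into Service records."""
    services = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # separators, headings, other log sections
        # Keep the registered ImagePath, drop the "--> resolved" echo.
        path = m.group("image").split(" --> ")[0].strip()
        if path.startswith("\\??\\"):
            path = path[4:]  # strip the NT object-namespace prefix
        services.append(Service(
            name=m.group("name"),
            running=m.group("state") == "R",
            start=int(m.group("start")),
            path=path,
            missing=m.group("info").strip() == "?",
        ))
    return services


def classify(svc):
    """Bucket a service whose image is unreadable; None if the image was found."""
    if not svc.missing:
        return None
    path = svc.path.lower()
    # Assumption: MpKsl*.sys under the Microsoft Antimalware definitions
    # directory is a leftover of Microsoft Security Essentials, not malware.
    if svc.name.lower().startswith("mpksl") and MSE_DIR in path:
        return "mse_leftover"
    # Assumption: a boot/system-start kernel driver registered in
    # system32\drivers whose file cannot be read deserves a closer look.
    if svc.start in (0, 1) and DRIVERS_DIR in path and path.endswith(".sys"):
        return "review"
    return "other_missing"


def triage(log_text):
    """Return {bucket: [service names]} in log order."""
    buckets = {"review": [], "mse_leftover": [], "other_missing": []}
    for svc in parse_services(log_text):
        bucket = classify(svc)
        if bucket:
            buckets[bucket].append(svc.name)
    return buckets


if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```
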

#21
SFAdad


    Member

  • Topic Starter
  • Member
  • 47 posts
Followed all steps.
Still no internet connectivity. I have had this problem before. That time it was a dependency issue but I do not remember how I fixed it.

Here is the combofix log

ComboFix 11-12-05.04 - Michael 12/08/2011 20:32:55.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.302 [GMT -6:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\Michael\Local Settings\Temp\_uninst_07480497.bat"
"c:\documents and settings\Michael\Local Settings\Temp\_uninst_34577397.bat"
"c:\documents and settings\Michael\Start Menu\Programs\Startup\_uninst_07480497.lnk"
"c:\documents and settings\Michael\Start Menu\Programs\Startup\_uninst_34577397.lnk"
"c:\windows\system32\drivers\07480497.sys"
"c:\windows\system32\drivers\0918719drv.sys"
"c:\windows\system32\drivers\47053021.sys"
"c:\windows\system32\drivers\67056705.sys"
"c:\windows\system32\drivers\72837606.sys"
"c:\windows\system32\drivers\fsjvegwy.sys"
"c:\windows\system32\drivers\hhasxjge.sys"
"c:\windows\system32\drivers\nmioocsj.sys"
"c:\windows\system32\drivers\utqxnjc1.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_07480497
-------\Legacy_0918719DRV
-------\Legacy_47053021
-------\Legacy_67056705
-------\Legacy_72837606
-------\Legacy_UTQXNJC1
-------\Service_fsjvegwy
-------\Service_hhasxjge
-------\Service_nmioocsj
.
.
((((((((((((((((((((((((( Files Created from 2011-11-09 to 2011-12-09 )))))))))))))))))))))))))))))))
.
.
2011-12-09 02:46 . 2011-12-09 02:46 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D0C3EFA1-3ED9-4F7F-B7FA-B541E2B6D0E1}\offreg.dll
2011-12-05 18:03 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D0C3EFA1-3ED9-4F7F-B7FA-B541E2B6D0E1}\mpengine.dll
2011-12-04 17:18 . 2011-12-04 17:18 -------- d-----w- c:\documents and settings\Michael\Application Data\ImgBurn
2011-12-04 17:15 . 2011-12-04 17:15 -------- d-----w- c:\program files\ImgBurn
2011-12-01 02:55 . 2011-12-01 02:55 -------- d-----w- C:\_OTL
2011-11-29 02:37 . 2011-11-29 02:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2011-11-28 01:35 . 2011-11-28 01:35 -------- d-----w- C:\_OTM
2011-11-27 22:36 . 2010-11-09 19:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-11-27 22:35 . 2011-11-28 00:43 -------- d-----w- C:\VIPRERESCUE
2011-11-27 22:32 . 2011-11-27 22:33 -------- d-----w- c:\program files\ERUNT
2011-11-27 21:16 . 2011-11-27 21:16 -------- d--h--w- c:\windows\PIF
2011-11-27 00:29 . 2011-11-27 00:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-11-27 00:29 . 2011-11-27 00:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-11-27 00:29 . 2011-11-27 00:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-11-27 00:29 . 2011-11-27 00:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-11-27 00:29 . 2011-11-27 00:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-11-27 00:29 . 2011-11-27 00:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-11-27 00:29 . 2011-11-27 00:29 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-11-27 00:27 . 2011-11-27 00:29 -------- d-----w- c:\program files\QuickTime
2011-11-27 00:22 . 2011-11-27 00:22 -------- d-----w- c:\program files\Apple Software Update
2011-11-27 00:03 . 2011-11-27 00:03 -------- d-----w- c:\program files\Common Files\Java
2011-11-27 00:02 . 2011-11-27 00:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-26 22:31 . 2011-11-26 22:32 -------- d-----w- c:\program files\Common Files\Adobe
2011-11-26 22:27 . 2011-11-26 22:27 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-11-26 22:09 . 2011-11-26 22:09 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Secunia PSI
2011-11-26 22:08 . 2011-11-26 22:08 -------- d-----w- c:\program files\Secunia
2011-11-26 02:20 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 00:18 . 2011-06-06 04:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-27 00:00 . 2010-08-01 17:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-21 10:47 . 2011-10-16 00:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-16 00:43 . 2011-10-16 00:14 19618 ----a-w- C:\FixitRegBackup.reg
2011-10-10 14:22 . 2009-09-28 02:03 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 04:16 . 2011-10-07 04:16 71168 ----a-w- c:\windows\system32\pthreadVC2.dll
2011-10-07 04:16 . 2011-10-07 04:16 175104 ----a-w- c:\windows\system32\BayerSER00.dll
2011-10-07 04:16 . 2011-10-07 04:16 135680 ----a-w- c:\windows\system32\BayerHID00.dll
2011-10-07 04:16 . 2011-10-07 04:16 131584 ----a-w- c:\windows\system32\BayerHID01.dll
2011-10-07 04:16 . 2011-10-07 04:16 16896 ----a-w- c:\windows\system32\gihgbapi.dll
2011-10-07 04:16 . 2011-10-07 04:16 635904 ----a-w- c:\windows\system32\BMI.dll
2011-10-07 04:16 . 2011-10-07 04:16 147456 ----a-w- c:\windows\system32\BMI_jni.dll
2011-10-07 04:16 . 2011-10-07 04:16 57344 ----a-w- c:\windows\system32\jspWin.dll
2011-09-28 07:06 . 2001-08-18 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2001-08-18 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2001-08-18 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((( [email protected]_02.13.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-09 02:44 . 2011-12-09 02:44 16384 c:\windows\temp\Perflib_Perfdata_3a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Michael\Start Menu\Programs\Startup\
_uninst_07480497.lnk - c:\documents and settings\Michael\Local Settings\Temp\_uninst_07480497.bat [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AddressBookReminderApp]
2009-09-04 06:44 144672 ----a-w- c:\program files\Nova Development\Photo Explosion\4.0\ReminderApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 18:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 13:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-06-11 19:28 312240 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-22 03:11 136176 ----atw- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2007-04-30 08:19 20480 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2007-06-11 19:27 291760 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 20:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-10-06 21:16 5058560 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-10-06 21:16 741376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MsMpSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"NVSvc"=2 (0x2)
"lxdd_device"=2 (0x2)
"lxddCATSCustConnectService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IntuitUpdateService"=2 (0x2)
"idsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"BayerHealthcareService"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Michael\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\Microsoft Security Client\\msseces.exe"=
"c:\\Documents and Settings\\Michael\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Michael\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
.
S1 MpKsl0617ef88;MpKsl0617ef88;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A766134C-D41B-4544-9F29-069BA45D1A4D}\MpKsl0617ef88.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A766134C-D41B-4544-9F29-069BA45D1A4D}\MpKsl0617ef88.sys [?]
S1 MpKsl06ed6f5f;MpKsl06ed6f5f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA9E7277-BFB9-4D8F-A527-02311B3C1ACC}\MpKsl06ed6f5f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA9E7277-BFB9-4D8F-A527-02311B3C1ACC}\MpKsl06ed6f5f.sys [?]
S1 MpKsl0e88bea7;MpKsl0e88bea7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{246CF86C-F05F-4DB4-BA1A-55DD35BA7579}\MpKsl0e88bea7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{246CF86C-F05F-4DB4-BA1A-55DD35BA7579}\MpKsl0e88bea7.sys [?]
S1 MpKsl1632a8c9;MpKsl1632a8c9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5CC6E32-BB1C-44D6-918C-389504EB909A}\MpKsl1632a8c9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5CC6E32-BB1C-44D6-918C-389504EB909A}\MpKsl1632a8c9.sys [?]
S1 MpKsl18a2f52a;MpKsl18a2f52a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6C5580FC-B737-4E35-9485-7C3E2B7D9C3E}\MpKsl18a2f52a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6C5580FC-B737-4E35-9485-7C3E2B7D9C3E}\MpKsl18a2f52a.sys [?]
S1 MpKsl1b8a4221;MpKsl1b8a4221;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7583F15D-F67D-45BF-B052-D4148FACAE8F}\MpKsl1b8a4221.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7583F15D-F67D-45BF-B052-D4148FACAE8F}\MpKsl1b8a4221.sys [?]
S1 MpKsl226751bd;MpKsl226751bd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9573C99-A99C-4A49-8AF7-AF91CFF6214A}\MpKsl226751bd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9573C99-A99C-4A49-8AF7-AF91CFF6214A}\MpKsl226751bd.sys [?]
S1 MpKsl364ba07e;MpKsl364ba07e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7B0952B-EDD5-4BB9-8DC3-D49C70D110B0}\MpKsl364ba07e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7B0952B-EDD5-4BB9-8DC3-D49C70D110B0}\MpKsl364ba07e.sys [?]
S1 MpKsl3d592a4c;MpKsl3d592a4c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B973FDD7-292D-4FC4-8FBC-EBEE60831CAC}\MpKsl3d592a4c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B973FDD7-292D-4FC4-8FBC-EBEE60831CAC}\MpKsl3d592a4c.sys [?]
S1 MpKsl59af7a83;MpKsl59af7a83;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F7C463E-46B9-4BA8-9590-6558D22BB782}\MpKsl59af7a83.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F7C463E-46B9-4BA8-9590-6558D22BB782}\MpKsl59af7a83.sys [?]
S1 MpKsl66b9d3dd;MpKsl66b9d3dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D6D6F3B-0DDF-42B5-9DBB-2C0CF5B346C5}\MpKsl66b9d3dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D6D6F3B-0DDF-42B5-9DBB-2C0CF5B346C5}\MpKsl66b9d3dd.sys [?]
S1 MpKsl795b3257;MpKsl795b3257;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9573C99-A99C-4A49-8AF7-AF91CFF6214A}\MpKsl795b3257.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9573C99-A99C-4A49-8AF7-AF91CFF6214A}\MpKsl795b3257.sys [?]
S1 MpKsl7a1518f7;MpKsl7a1518f7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE157C62-AD1C-4074-BD61-BC48F9DA6558}\MpKsl7a1518f7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE157C62-AD1C-4074-BD61-BC48F9DA6558}\MpKsl7a1518f7.sys [?]
S1 MpKsl813291dd;MpKsl813291dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{49104C37-2012-4B04-81AA-A0B9DCD8A586}\MpKsl813291dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{49104C37-2012-4B04-81AA-A0B9DCD8A586}\MpKsl813291dd.sys [?]
S1 MpKsl8bae7dae;MpKsl8bae7dae;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E8442B3-C3F0-4F26-8C56-8D0D6B71763A}\MpKsl8bae7dae.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E8442B3-C3F0-4F26-8C56-8D0D6B71763A}\MpKsl8bae7dae.sys [?]
S1 MpKsl982f2c49;MpKsl982f2c49;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D68FA761-C321-40CE-9B38-67BEF058D8BC}\MpKsl982f2c49.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D68FA761-C321-40CE-9B38-67BEF058D8BC}\MpKsl982f2c49.sys [?]
S1 MpKsl9a7b33cc;MpKsl9a7b33cc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE157C62-AD1C-4074-BD61-BC48F9DA6558}\MpKsl9a7b33cc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE157C62-AD1C-4074-BD61-BC48F9DA6558}\MpKsl9a7b33cc.sys [?]
S1 MpKsl9c483b10;MpKsl9c483b10;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5D647E1-478B-46CB-9797-EAC433A554C4}\MpKsl9c483b10.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5D647E1-478B-46CB-9797-EAC433A554C4}\MpKsl9c483b10.sys [?]
S1 MpKsla4906b45;MpKsla4906b45;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5064DBFA-2361-41A9-A1F3-DE2A0DBE0E11}\MpKsla4906b45.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5064DBFA-2361-41A9-A1F3-DE2A0DBE0E11}\MpKsla4906b45.sys [?]
S1 MpKsla9703b52;MpKsla9703b52;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5FC4A6F-CF2A-48ED-87BD-A1E7F618FEC1}\MpKsla9703b52.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5FC4A6F-CF2A-48ED-87BD-A1E7F618FEC1}\MpKsla9703b52.sys [?]
S1 MpKsla9b08bf0;MpKsla9b08bf0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FB931A81-5422-4359-8EB0-C773CC1CD92D}\MpKsla9b08bf0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FB931A81-5422-4359-8EB0-C773CC1CD92D}\MpKsla9b08bf0.sys [?]
S1 MpKsld3e69799;MpKsld3e69799;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41E6A929-A815-4CB0-B9B4-C0D5DB33EB13}\MpKsld3e69799.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41E6A929-A815-4CB0-B9B4-C0D5DB33EB13}\MpKsld3e69799.sys [?]
S1 MpKsle075501e;MpKsle075501e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3E9F2C2-A0AB-43A1-A713-230C884C259F}\MpKsle075501e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3E9F2C2-A0AB-43A1-A713-230C884C259F}\MpKsle075501e.sys [?]
S1 MpKslef8c53de;MpKslef8c53de;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9573C99-A99C-4A49-8AF7-AF91CFF6214A}\MpKslef8c53de.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9573C99-A99C-4A49-8AF7-AF91CFF6214A}\MpKslef8c53de.sys [?]
S1 MpKslf563474a;MpKslf563474a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C629196-7995-45EB-8056-E9C95EC55866}\MpKslf563474a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C629196-7995-45EB-8056-E9C95EC55866}\MpKslf563474a.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 2:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 12:01 AM 994360]
S4 BayerHealthcareService;BayerHealthcareService;c:\program files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe [6/1/2011 3:10 PM 128120]
S4 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S4 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [5/25/2007 3:41 AM 99248]
S4 REGHOOK;REGHOOK;\??\c:\windows\System32\Drivers\REGHOOK.SYS --> c:\windows\System32\Drivers\REGHOOK.SYS [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003Core.job
- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-22 03:11]
.
2011-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003UA.job
- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-22 03:11]
.
2011-12-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2011-12-09 c:\windows\Tasks\User_Feed_Synchronization-{0EDDE299-1EBA-45EC-84F0-14472A8C02E8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
Trusted Zone: intuit.com\ttlc
Trusted Zone: intuit.com\turbotaxweb.turbotaxonline
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-08 20:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1500)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-08 20:52:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-09 02:52
ComboFix2.txt 2011-12-06 02:51
ComboFix3.txt 2011-12-06 02:20
.
Pre-Run: 28,418,396,160 bytes free
Post-Run: 28,343,939,072 bytes free
.
- - End Of File - - EF1B11F37CB53E3B907C16206C60330C

Edited by SFAdad, 08 December 2011 - 09:48 PM.


#22
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
How is your system running? Are you experiencing any other problems excluding the internet connection?


Step 1

  • Save this file to the clean computer's desktop:
  • Then transfer it to the infected computer's desktop.
  • Run OTL.
  • Drag and drop fix.txt into the Custom Scans and Fixes box.
  • If you cannot drag and drop for some reason then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your desktop.
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and check the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 2

  • Press Start > Run.
  • Type sfc /scannow into the Run box.
  • When the scan has finished, restart your computer.
Has your internet connection been restored?


Things I want to see in your next reply

  • Answers to my questions
  • OTL Fix Log
  • OTL.txt


#23
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Sorry, the fix.txt file is here: Attached File fix.txt (619 bytes)

#24
SFAdad

    Member

  • Topic Starter
  • Member
  • 47 posts
The system is running well with the exception of the connectivity problem.
Still can't connect to the internet after following steps and running sfc.
Here are the OTL logs.

All processes killed
========== OTL ==========
Error: No service named SBRE was found to stop!
Service\Driver key SBRE not found.
File C:\WINDOWS\system32\drivers\SBREDrv.sys not found.
C:\WINDOWS\system32\sbbd.exe moved successfully.
C:\VIPRERESCUE\x64 folder moved successfully.
C:\VIPRERESCUE\Quarantine folder moved successfully.
C:\VIPRERESCUE\Definitions folder moved successfully.
C:\VIPRERESCUE folder moved successfully.
========== FILES ==========
c:\documents and settings\Michael\Start Menu\Programs\Startup\_uninst_07480497.lnk moved successfully.
File\Folder c:\documents and settings\Michael\Local Settings\Temp\_uninst_07480497.bat not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Michael\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Michael\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Michael
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 2801 bytes
->Google Chrome cache emptied: 129758160 bytes
->Flash cache emptied: 410 bytes

User: NetworkService
->Temp folder emptied: 11026 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13164 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 124.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Michael
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 12102011_202500

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL logfile created on: 12/10/2011 8:28:32 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 329.66 Mb Available Physical Memory | 64.51% Memory free
1.94 Gb Paging File | 1.76 Gb Available in Paging File | 91.19% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 26.48 Gb Free Space | 47.39% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 1.23 Gb Free Space | 65.91% Space Free | Partition Type: FAT

Computer Name: MICHAEL-02YGOYZ | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 20:05:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
PRC - [2011/10/15 19:20:26 | 000,004,164 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/27 14:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2007/02/26 22:16:25 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdddrpp.dll
MOD - [2007/02/21 17:14:15 | 000,012,288 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMRC.DLL
MOD - [2007/02/21 17:11:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMON.DLL
MOD - [2007/02/21 17:08:56 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
MOD - [2006/11/07 04:02:18 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\lxf3oem.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/15 19:20:26 | 000,004,164 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/10/14 00:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/06/01 15:10:22 | 000,128,120 | ---- | M] (Bayer Healthcare LLC) [Disabled | Stopped] -- C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe -- (BayerHealthcareService)
SRV - [2010/08/23 19:21:40 | 000,007,692 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/05/25 03:41:53 | 000,099,248 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 03:41:37 | 000,529,208 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)


========== Driver Services (SafeList) ==========

DRV - [2010/09/01 02:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/07/16 11:10:54 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/06/28 10:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1482476501-484061587-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1482476501-484061587-839522115-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1482476501-484061587-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-484061587-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2011/06/24 22:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2011/11/26 18:01:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/01/03 03:00:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/10 20:25:01 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\..Trusted Domains: intuit.com ([turbotaxweb.turbotaxonline] https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1254629116874 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://svwmi.worldm...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://svwmi.worldm...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10BB0582-5BA9-457E-91B0-E2284D6D28AB}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/27 20:05:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/08 20:20:10 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/10 20:25:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/08 21:02:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael\Recent
[2011/12/08 20:52:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/05 19:45:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/05 19:43:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/05 19:43:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/05 19:43:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/05 19:43:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/05 19:42:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/05 19:40:24 | 004,329,111 | R--- | C] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2011/12/04 11:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\ImgBurn
[2011/12/04 11:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/12/04 11:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/12/04 11:13:40 | 006,055,875 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\Michael\Desktop\SetupImgBurn_2.5.6.0.exe
[2011/11/30 20:55:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/28 20:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2011/11/27 20:05:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2011/11/27 19:35:00 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/27 16:33:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/27 16:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/11/27 16:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/27 16:28:54 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTM.exe
[2011/11/27 15:16:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/11/26 19:26:13 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\My Documents\iexplorer.com
[2011/11/26 18:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/11/26 18:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/26 18:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/11/26 18:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/26 17:03:44 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\Desktop\iexplorer.com
[2011/11/26 16:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/26 16:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/11/26 16:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Secunia PSI
[2011/11/26 16:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/11/25 20:20:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/22 21:20:18 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2009/12/22 21:20:06 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
[2007/05/25 03:41:40 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2007/05/25 03:41:37 | 000,529,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2007/05/17 08:19:57 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2007/05/17 08:17:22 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2007/05/17 08:11:47 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2007/05/17 08:10:16 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2007/05/17 08:08:43 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2007/05/17 08:07:51 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2007/05/17 08:07:02 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2007/05/17 08:06:32 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2007/05/17 07:59:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2007/05/17 07:58:46 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2007/05/17 07:53:19 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/12/10 20:30:11 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003UA.job
[2011/12/10 20:26:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/10 20:25:01 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/10 11:30:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003Core.job
[2011/12/10 00:09:58 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0EDDE299-1EBA-45EC-84F0-14472A8C02E8}.job
[2011/12/08 21:08:49 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/08 20:07:42 | 000,662,858 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\VClean.exe
[2011/12/06 21:59:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/05 19:45:23 | 000,000,336 | RHS- | M] () -- C:\boot.ini
[2011/12/05 19:40:39 | 004,329,111 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2011/12/04 11:57:47 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/04 11:15:19 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/12/04 11:14:00 | 006,055,875 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\Michael\Desktop\SetupImgBurn_2.5.6.0.exe
[2011/12/04 11:12:30 | 115,079,168 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\gparted-live-0.10.0-3.iso
[2011/12/04 11:06:58 | 007,716,864 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\rc.iso
[2011/12/03 22:09:19 | 000,028,256 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\diskManagement.zip
[2011/12/03 22:08:14 | 000,034,947 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\diskManagement.odt
[2011/12/03 22:08:02 | 000,034,947 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\diskManagement.odt
[2011/12/03 21:51:35 | 000,020,632 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\avptool_sysinfo.zip
[2011/12/03 21:29:37 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Shortcut to LOG.lnk
[2011/12/02 21:17:40 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\MBRCheck.exe
[2011/12/02 21:17:22 | 104,456,648 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\setup_11.0.0.1245.x01_2011_12_03_06_18 (1).exe
[2011/11/28 18:44:06 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Google Chrome.lnk
[2011/11/27 20:05:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2011/11/27 16:32:51 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\NTREGOPT.lnk
[2011/11/27 16:32:51 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\ERUNT.lnk
[2011/11/27 16:29:02 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTM.exe
[2011/11/27 13:01:15 | 000,000,220 | ---- | M] () -- C:\Boot.bak
[2011/11/26 19:45:17 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Secunia PSI.lnk
[2011/11/26 18:36:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/26 17:57:12 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Defogger.exe
[2011/11/26 17:03:44 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\My Documents\iexplorer.com
[2011/11/26 17:03:44 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\Desktop\iexplorer.com
[2011/11/26 10:47:01 | 001,008,114 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\iExplore1.exe
[2011/11/25 23:53:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michael\defogger_reenable
[2011/11/25 19:28:14 | 000,639,914 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/25 19:28:14 | 000,151,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/12/08 20:24:12 | 000,662,858 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\VClean.exe
[2011/12/05 19:45:23 | 000,000,220 | ---- | C] () -- C:\Boot.bak
[2011/12/05 19:45:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/05 19:43:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/05 19:43:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/05 19:43:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/05 19:43:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/05 19:43:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/04 11:57:47 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/04 11:15:19 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/12/04 11:06:08 | 007,716,864 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\rc.iso
[2011/12/04 11:05:50 | 115,079,168 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\gparted-live-0.10.0-3.iso
[2011/12/03 22:09:19 | 000,028,256 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\diskManagement.zip
[2011/12/03 22:08:13 | 000,034,947 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\diskManagement.odt
[2011/12/03 22:08:01 | 000,034,947 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\diskManagement.odt
[2011/12/03 21:52:43 | 000,020,632 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\avptool_sysinfo.zip
[2011/12/03 21:29:37 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Shortcut to LOG.lnk
[2011/12/02 21:17:40 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\MBRCheck.exe
[2011/12/02 21:11:39 | 104,456,648 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\setup_11.0.0.1245.x01_2011_12_03_06_18 (1).exe
[2011/11/28 18:44:06 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Google Chrome.lnk
[2011/11/27 16:32:51 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\NTREGOPT.lnk
[2011/11/27 16:32:51 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\ERUNT.lnk
[2011/11/26 19:45:17 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Secunia PSI.lnk
[2011/11/26 17:57:12 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Defogger.exe
[2011/11/26 16:34:14 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/26 16:08:49 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/11/26 14:46:49 | 000,002,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo Explosion Project Studio.lnk
[2011/11/26 14:46:49 | 000,002,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo Explosion Album.lnk
[2011/11/26 14:46:49 | 000,002,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo Explosion Image Editor.lnk
[2011/11/26 14:46:49 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/11/26 14:46:49 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2011/11/26 14:46:49 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OneTouch Software.lnk
[2011/11/26 14:46:49 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/11/26 14:46:49 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinFF.lnk
[2011/11/26 14:46:48 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MemoriesOnTV.lnk
[2011/11/26 14:46:48 | 000,001,881 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GLUCOFACTS® Deluxe v2.11.lnk
[2011/11/26 14:46:48 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoVIP.lnk
[2011/11/26 14:46:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/26 14:46:44 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/26 14:46:44 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\GSAK.lnk
[2011/11/26 14:46:44 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/26 14:46:28 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2011/11/26 14:46:28 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/26 14:46:28 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2011/11/26 14:46:28 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/11/26 14:46:27 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\EasyGPS.lnk
[2011/11/26 10:47:02 | 001,008,114 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\iExplore1.exe
[2011/11/25 23:53:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\defogger_reenable
[2011/10/15 19:57:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/06 22:16:36 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jspWin.dll
[2011/08/23 19:15:11 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2011/08/23 19:15:11 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2011/08/23 19:14:44 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Png32.dll
[2011/08/23 19:14:44 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Tga32.dll
[2011/08/23 19:14:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Twscan32.dll
[2011/08/23 19:14:43 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\Image32.dll
[2011/08/23 19:14:43 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2011/08/23 19:14:43 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Pcx32.dll
[2011/05/15 12:15:37 | 004,360,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/23 09:36:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2011/04/23 09:36:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2011/04/23 09:36:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2011/04/23 09:36:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2010/06/20 18:55:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\sversion.ini
[2010/06/20 18:49:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe
[2010/06/02 18:27:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/02 18:26:11 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\default.rss
[2010/06/02 18:26:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\downloads.m3u
[2010/05/30 18:49:19 | 000,063,828 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/06 22:21:54 | 000,000,577 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2010/02/17 23:00:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\osinfo.dll
[2009/12/22 21:20:54 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2009/12/22 21:20:18 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2009/12/22 21:17:14 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2009/10/04 10:00:25 | 000,187,904 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 22:50:20 | 000,000,033 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2009/10/03 22:20:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/09/27 20:10:27 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/09/27 20:08:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/27 20:02:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/27 12:56:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/27 12:55:24 | 000,252,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2007/05/23 22:04:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2007/01/23 12:40:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2007/01/09 10:13:08 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2006/10/06 11:08:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2006/05/17 20:47:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2001/08/18 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 06:00:00 | 000,639,914 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 06:00:00 | 000,151,928 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 06:00:00 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/10/14 20:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BayerLogs
[2010/04/24 10:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/02/19 22:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/08/03 06:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/04/24 10:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2010/04/24 12:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2010/05/30 17:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/09/19 22:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GARMIN
[2010/08/13 23:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GianPaoloSaliola
[2010/03/09 20:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\gsak
[2011/10/06 22:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\HealthEngage
[2011/12/04 11:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\ImgBurn
[2011/08/03 06:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Juniper Networks
[2011/04/23 09:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Lexmark Productivity Studio
[2010/05/09 19:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Nova Development
[2011/04/01 21:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\OpenOffice.org
[2011/06/04 20:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\PCHC
[2010/10/30 17:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\WinFF
[2011/12/08 21:08:49 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/12/10 00:09:58 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0EDDE299-1EBA-45EC-84F0-14472A8C02E8}.job

========== Purity Check ==========



< End of report >
  • 0

#25
SFAdad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
My connectivity problem is fixed. I noticed that the DHCP client was not started even though it was set to automatic. When I tried to start it I received the error message "error 1075". I went to the Microsoft support page http://support.microsoft.com/kb/915162 for this error and followed their instructions and deleted the NetBt dependency from the registry.

Hopefully once you look over the OTL logs you can give my computer a clean bill of health.

Edited by SFAdad, 10 December 2011 - 10:57 PM.

  • 0
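
A read-only check for the condition described in the post above, added here as an example (it is not part of the original thread and is not the procedure from the Microsoft article): it lists the services that the DHCP Client is configured to depend on and flags any dependency whose service key is missing, which is the situation error 1075 ("The dependency service does not exist or has been marked for deletion") reports. The function name and the output property names are illustrative.

```powershell
# Added example (read-only): show a service's configured dependencies and
# whether each one still has a key under HKLM\SYSTEM\CurrentControlSet\Services.
# Get-ServiceDependencyStatus is an illustrative name, not a built-in cmdlet.
function Get-ServiceDependencyStatus {
    param([string]$ServiceName = 'Dhcp')   # 'Dhcp' is the DHCP Client service

    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $key  = Join-Path $root $ServiceName
    if (-not (Test-Path $key)) {
        throw "Service key not found: $key"
    }

    # DependOnService is a REG_MULTI_SZ value; it is absent when the
    # service has no dependencies, in which case $deps ends up empty.
    $svc  = Get-ItemProperty -Path $key
    $deps = @($svc.DependOnService) | Where-Object { $_ }

    # Meaning of the Start value stored in each service key.
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

    foreach ($dep in $deps) {
        $depKey    = Join-Path $root $dep
        $exists    = Test-Path $depKey
        $startType = 'n/a'
        if ($exists) {
            $start = (Get-ItemProperty -Path $depKey).Start
            if ($null -ne $start) { $startType = $startNames[[int]$start] }
        }

        New-Object PSObject -Property @{
            Service    = $ServiceName
            Dependency = $dep
            KeyExists  = $exists      # $false here matches the error 1075 condition
            StartType  = $startType
        }
    }
}

# List every dependency, then only the ones whose service key is missing.
$status = Get-ServiceDependencyStatus -ServiceName 'Dhcp'
$status | Select-Object Service, Dependency, KeyExists, StartType
$status | Where-Object { -not $_.KeyExists }
```

The script only reads the registry; any change to `DependOnService` should be preceded by a registry backup, as the thread does with ERUNT.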



#26
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
What a clever user. :lol:


Step 1

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [2011/12/08 20:24:12 | 000,662,858 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\VClean.exe 
    
    :Files
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 2

  • Run Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 4

The minimum amount of RAM needed for Windows XP is 512MB but I recommend you have at least 1GB.

  • Please visit Crucial System Scanner.
  • Check the box to agree with the Terms and Conditions and click Download the Scanner.
  • Run the scanner and it will suggest RAM modules which you can consider buying to increase the amount of RAM you have.
I recommend you invest in a RAM module in the near future because it can help to increase your computer speed.


Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • MBAM Log
  • log.txt

  • 0

#27
SFAdad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
MBAM and ESET didn't find anything.
Logs posted below.


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1482476501-484061587-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Documents and Settings\Michael\Desktop\VClean.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Michael\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Michael\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Michael
->Temp folder emptied: 709768 bytes
->Temporary Internet Files folder emptied: 1182600 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 10670523 bytes
->Flash cache emptied: 410 bytes

User: NetworkService
->Temp folder emptied: 27232 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39472 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 974954 bytes

Total Files Cleaned = 13.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Michael
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 12122011_194451

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 12/12/2011 7:48:17 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 263.27 Mb Available Physical Memory | 51.52% Memory free
1.94 Gb Paging File | 1.70 Gb Available in Paging File | 88.08% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 25.96 Gb Free Space | 46.47% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-02YGOYZ | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 20:05:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
PRC - [2011/10/15 19:20:26 | 000,004,164 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2007/02/26 22:16:25 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdddrpp.dll
MOD - [2007/02/21 17:14:15 | 000,012,288 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMRC.DLL
MOD - [2007/02/21 17:11:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXF3PMON.DLL
MOD - [2007/02/21 17:08:56 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
MOD - [2007/01/23 12:40:03 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\lxddcaps.dll
MOD - [2007/01/09 10:13:08 | 000,692,224 | ---- | M] () -- C:\WINDOWS\system32\lxdddrs.dll
MOD - [2006/11/07 04:02:18 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\lxf3oem.dll
MOD - [2006/10/06 11:08:04 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\lxddcnv4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/15 19:20:26 | 000,004,164 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/10/14 00:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/06/01 15:10:22 | 000,128,120 | ---- | M] (Bayer Healthcare LLC) [Disabled | Stopped] -- C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe -- (BayerHealthcareService)
SRV - [2010/08/23 19:21:40 | 000,007,692 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/05/25 03:41:53 | 000,099,248 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 03:41:37 | 000,529,208 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)


========== Driver Services (SafeList) ==========

DRV - [2011/12/12 19:46:59 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64DA2395-06C2-46B6-9C98-D0659E1B7CFD}\MpKsl91f0a636.sys -- (MpKsl91f0a636)
DRV - [2011/12/11 04:11:23 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{64DA2395-06C2-46B6-9C98-D0659E1B7CFD}\MpKsl8e44d765.sys -- (MpKsl8e44d765)
DRV - [2010/09/01 02:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/07/16 11:10:54 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/06/28 10:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1482476501-484061587-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1482476501-484061587-839522115-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1482476501-484061587-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-484061587-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2011/06/24 22:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2011/11/26 18:01:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/01/03 03:00:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/12 19:44:54 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1482476501-484061587-839522115-1003\..Trusted Domains: intuit.com ([turbotaxweb.turbotaxonline] https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1254629116874 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://svwmi.worldm...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://svwmi.worldm...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10BB0582-5BA9-457E-91B0-E2284D6D28AB}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/27 20:05:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/11 09:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/12/11 09:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
[2011/12/11 09:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/12/10 22:39:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael\Recent
[2011/12/10 21:11:01 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/12/10 21:11:01 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/12/10 21:10:44 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/12/10 21:10:43 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/12/10 21:10:09 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/12/10 21:10:09 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/12/10 21:10:04 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/12/10 21:09:57 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/12/10 21:09:47 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/12/10 21:09:47 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/12/10 21:09:46 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/12/10 21:09:44 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/12/10 21:09:43 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/12/10 21:09:42 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/12/10 21:09:41 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/12/10 21:09:36 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/12/10 21:09:34 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/12/10 21:09:34 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/12/10 21:09:33 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/12/10 21:09:27 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/12/10 21:09:23 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/12/10 21:09:22 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/12/10 21:09:21 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/12/10 21:09:17 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/12/10 21:09:17 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/12/10 21:09:16 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/12/10 21:09:16 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/12/10 21:09:16 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/12/10 21:09:15 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/12/10 21:09:09 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/12/10 21:09:06 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/12/10 21:09:06 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/12/10 21:09:05 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/12/10 21:09:04 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/12/10 21:09:03 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/12/10 21:08:59 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/12/10 21:08:59 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/12/10 21:08:50 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011/12/10 21:08:50 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/12/10 21:08:50 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/12/10 21:08:49 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/12/10 21:08:46 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/12/10 21:08:40 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2011/12/10 21:08:31 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/12/10 21:08:31 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/12/10 21:08:30 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011/12/10 21:08:30 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/12/10 21:08:29 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/12/10 21:08:19 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/12/10 21:08:19 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/12/10 21:08:18 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/12/10 21:08:16 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/12/10 21:08:08 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/12/10 21:08:07 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/12/10 21:08:07 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/12/10 21:08:07 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/12/10 21:08:00 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/12/10 21:07:58 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/12/10 21:07:58 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/12/10 21:07:54 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/12/10 21:07:53 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/12/10 21:07:53 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/12/10 21:07:53 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/12/10 21:07:53 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/12/10 21:07:52 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/12/10 21:07:52 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/12/10 21:07:52 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/12/10 21:07:51 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/12/10 21:07:50 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/12/10 21:07:50 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/12/10 21:07:48 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/12/10 21:07:47 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/12/10 21:07:43 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/12/10 21:07:39 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/12/10 21:07:38 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/12/10 21:07:38 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/12/10 21:07:30 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/12/10 21:07:30 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/12/10 21:07:23 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/12/10 21:07:23 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/12/10 21:07:22 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/12/10 21:07:18 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/12/10 21:07:00 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/12/10 21:06:59 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/12/10 21:06:57 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/12/10 21:06:57 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011/12/10 21:06:51 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/12/10 21:06:51 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/12/10 21:06:50 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/12/10 21:06:50 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/12/10 21:06:37 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/12/10 21:06:32 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/12/10 21:06:32 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/12/10 21:06:29 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/12/10 21:06:25 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/12/10 21:06:25 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/12/10 21:06:21 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/12/10 21:06:21 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/12/10 21:06:21 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/12/10 21:06:20 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/12/10 21:06:20 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011/12/10 21:06:20 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011/12/10 21:06:18 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011/12/10 21:06:18 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/12/10 21:06:18 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/12/10 21:06:18 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011/12/10 21:06:17 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011/12/10 21:05:45 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/12/10 21:05:20 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/12/10 21:05:13 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/12/10 21:05:13 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/12/10 21:05:12 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/12/10 21:05:11 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/12/10 21:05:11 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/12/10 21:05:10 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/12/10 21:05:07 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/12/10 21:05:06 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/12/10 21:05:06 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/12/10 21:05:05 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/12/10 21:05:04 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/12/10 21:05:03 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/12/10 21:04:34 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/12/10 21:04:08 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011/12/10 21:03:30 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/12/10 21:03:29 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/12/10 21:03:20 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/12/10 21:03:20 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/12/10 21:03:19 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/12/10 21:03:14 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/12/10 21:03:08 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/12/10 21:03:07 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/12/10 21:03:05 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/12/10 21:03:04 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/12/10 21:03:04 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/12/10 21:03:03 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/12/10 21:02:57 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/12/10 21:02:56 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/12/10 21:02:56 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/12/10 21:02:30 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/12/10 21:02:27 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/12/10 21:02:22 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/12/10 21:02:22 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/12/10 21:02:21 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/12/10 21:02:20 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/12/10 21:02:20 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/12/10 21:02:19 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/12/10 21:02:19 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/12/10 21:02:18 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/12/10 21:02:11 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/12/10 21:02:11 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/12/10 21:02:10 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/12/10 21:02:01 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/12/10 21:02:00 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/12/10 21:02:00 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/12/10 21:02:00 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/12/10 21:01:59 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/12/10 21:01:59 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/12/10 21:01:59 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/12/10 21:01:58 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/12/10 21:01:55 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/12/10 21:01:45 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/12/10 21:01:40 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/12/10 21:01:33 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/12/10 21:01:33 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/12/10 21:01:32 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/12/10 21:01:32 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/12/10 21:01:32 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/12/10 21:01:30 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/12/10 21:01:30 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/12/10 21:01:30 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/12/10 21:01:29 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/12/10 21:01:28 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/12/10 21:01:28 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/12/10 21:01:05 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/12/10 21:01:05 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/12/10 21:01:05 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/12/10 21:01:04 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/12/10 21:01:04 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/12/10 21:01:04 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/12/10 21:01:03 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/12/10 21:01:03 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/12/10 21:01:01 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/12/10 21:01:01 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/12/10 21:01:01 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/12/10 21:01:00 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/12/10 21:01:00 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/12/10 21:00:59 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/12/10 21:00:59 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/12/10 21:00:59 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/12/10 21:00:58 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/12/10 21:00:58 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/12/10 21:00:55 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/12/10 21:00:53 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/12/10 21:00:52 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/12/10 21:00:51 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/12/10 21:00:51 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/12/10 21:00:50 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/12/10 21:00:50 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/12/10 21:00:50 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/12/10 21:00:36 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/12/10 21:00:31 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/12/10 21:00:22 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/12/10 21:00:21 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/12/10 21:00:20 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/12/10 21:00:19 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/12/10 21:00:19 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/12/10 21:00:18 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/12/10 21:00:14 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/12/10 21:00:13 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/12/10 21:00:12 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/12/10 21:00:12 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/12/10 20:25:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/08 20:52:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/05 19:45:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/05 19:43:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/05 19:43:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/05 19:43:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/05 19:43:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/05 19:42:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/05 19:40:24 | 004,329,111 | R--- | C] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2011/12/04 11:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\ImgBurn
[2011/12/04 11:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/12/04 11:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/12/04 11:13:40 | 006,055,875 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\Michael\Desktop\SetupImgBurn_2.5.6.0.exe
[2011/11/30 20:55:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/28 20:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2011/11/27 20:05:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2011/11/27 19:35:00 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/27 16:33:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/27 16:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/11/27 16:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/27 16:28:54 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTM.exe
[2011/11/27 15:16:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/11/26 19:26:13 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\My Documents\iexplorer.com
[2011/11/26 18:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/11/26 18:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/26 18:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/11/26 18:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/26 17:03:44 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\Desktop\iexplorer.com
[2011/11/26 16:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/26 16:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/11/26 16:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Secunia PSI
[2011/11/26 16:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/11/25 20:20:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/22 21:20:18 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2009/12/22 21:20:06 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
[2007/05/25 03:41:40 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2007/05/25 03:41:37 | 000,529,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2007/05/17 08:19:57 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2007/05/17 08:17:22 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2007/05/17 08:11:47 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2007/05/17 08:10:16 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2007/05/17 08:08:43 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2007/05/17 08:07:51 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2007/05/17 08:07:02 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2007/05/17 08:06:32 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2007/05/17 07:59:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2007/05/17 07:58:46 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2007/05/17 07:53:19 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/12/12 19:52:02 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/12 19:46:57 | 000,000,498 | ---- | M] () -- C:\WINDOWS\tasks\PandaUSBVaccine.job
[2011/12/12 19:46:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/12 19:44:54 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/12 19:30:11 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003UA.job
[2011/12/12 13:08:57 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0EDDE299-1EBA-45EC-84F0-14472A8C02E8}.job
[2011/12/12 11:30:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484061587-839522115-1003Core.job
[2011/12/06 21:59:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/05 19:45:23 | 000,000,336 | RHS- | M] () -- C:\boot.ini
[2011/12/05 19:40:39 | 004,329,111 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2011/12/04 11:57:47 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/04 11:15:19 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/12/04 11:14:00 | 006,055,875 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\Michael\Desktop\SetupImgBurn_2.5.6.0.exe
[2011/12/04 11:12:30 | 115,079,168 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\gparted-live-0.10.0-3.iso
[2011/12/04 11:06:58 | 007,716,864 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\rc.iso
[2011/12/03 22:09:19 | 000,028,256 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\diskManagement.zip
[2011/12/03 22:08:14 | 000,034,947 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\diskManagement.odt
[2011/12/03 22:08:02 | 000,034,947 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\diskManagement.odt
[2011/12/03 21:51:35 | 000,020,632 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\avptool_sysinfo.zip
[2011/12/03 21:29:37 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Shortcut to LOG.lnk
[2011/12/02 21:17:40 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\MBRCheck.exe
[2011/12/02 21:17:22 | 104,456,648 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\setup_11.0.0.1245.x01_2011_12_03_06_18 (1).exe
[2011/11/28 18:44:06 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Google Chrome.lnk
[2011/11/27 20:05:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2011/11/27 16:32:51 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\NTREGOPT.lnk
[2011/11/27 16:32:51 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\ERUNT.lnk
[2011/11/27 16:29:02 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTM.exe
[2011/11/27 13:01:15 | 000,000,220 | ---- | M] () -- C:\Boot.bak
[2011/11/26 19:45:17 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Secunia PSI.lnk
[2011/11/26 18:36:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/26 17:57:12 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Defogger.exe
[2011/11/26 17:03:44 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\My Documents\iexplorer.com
[2011/11/26 17:03:44 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\Desktop\iexplorer.com
[2011/11/26 10:47:01 | 001,008,114 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\iExplore1.exe
[2011/11/25 23:53:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michael\defogger_reenable
[2011/11/25 19:28:14 | 000,639,914 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/25 19:28:14 | 000,151,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/12/11 09:08:22 | 000,000,498 | ---- | C] () -- C:\WINDOWS\tasks\PandaUSBVaccine.job
[2011/12/10 21:10:59 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/12/10 21:10:59 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/12/10 21:07:20 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/12/10 21:07:18 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/12/10 21:05:51 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/12/10 21:03:30 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/12/10 21:03:29 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/12/10 21:03:29 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/12/10 21:03:28 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/12/10 21:03:27 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/12/10 21:02:21 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/12/10 21:02:21 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/12/10 21:02:20 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/12/10 21:00:45 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/12/10 21:00:45 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/12/10 21:00:44 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/12/10 21:00:44 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/12/10 21:00:44 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/12/10 21:00:43 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/12/10 21:00:43 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/12/10 21:00:43 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/12/10 21:00:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/12/10 21:00:39 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/12/05 19:45:23 | 000,000,220 | ---- | C] () -- C:\Boot.bak
[2011/12/05 19:45:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/05 19:43:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/05 19:43:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/05 19:43:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/05 19:43:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/05 19:43:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/04 11:57:47 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/04 11:15:19 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/12/04 11:06:08 | 007,716,864 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\rc.iso
[2011/12/04 11:05:50 | 115,079,168 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\gparted-live-0.10.0-3.iso
[2011/12/03 22:09:19 | 000,028,256 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\diskManagement.zip
[2011/12/03 22:08:13 | 000,034,947 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\diskManagement.odt
[2011/12/03 22:08:01 | 000,034,947 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\diskManagement.odt
[2011/12/03 21:52:43 | 000,020,632 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\avptool_sysinfo.zip
[2011/12/03 21:29:37 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Shortcut to LOG.lnk
[2011/12/02 21:17:40 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\MBRCheck.exe
[2011/12/02 21:11:39 | 104,456,648 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\setup_11.0.0.1245.x01_2011_12_03_06_18 (1).exe
[2011/11/28 18:44:06 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Google Chrome.lnk
[2011/11/27 16:32:51 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\NTREGOPT.lnk
[2011/11/27 16:32:51 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\ERUNT.lnk
[2011/11/26 19:45:17 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Secunia PSI.lnk
[2011/11/26 17:57:12 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Defogger.exe
[2011/11/26 16:34:14 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/26 16:08:49 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/11/26 14:46:49 | 000,002,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo Explosion Project Studio.lnk
[2011/11/26 14:46:49 | 000,002,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo Explosion Album.lnk
[2011/11/26 14:46:49 | 000,002,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo Explosion Image Editor.lnk
[2011/11/26 14:46:49 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/11/26 14:46:49 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2011/11/26 14:46:49 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OneTouch Software.lnk
[2011/11/26 14:46:49 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/11/26 14:46:49 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinFF.lnk
[2011/11/26 14:46:48 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MemoriesOnTV.lnk
[2011/11/26 14:46:48 | 000,001,881 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GLUCOFACTS® Deluxe v2.11.lnk
[2011/11/26 14:46:48 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoVIP.lnk
[2011/11/26 14:46:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/26 14:46:44 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/26 14:46:44 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\GSAK.lnk
[2011/11/26 14:46:44 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/26 14:46:28 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2011/11/26 14:46:28 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/26 14:46:28 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2011/11/26 14:46:28 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/11/26 14:46:27 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\EasyGPS.lnk
[2011/11/26 10:47:02 | 001,008,114 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\iExplore1.exe
[2011/11/25 23:53:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\defogger_reenable
[2011/10/15 19:57:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/06 22:16:36 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jspWin.dll
[2011/08/23 19:15:11 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2011/08/23 19:15:11 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2011/08/23 19:14:44 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Png32.dll
[2011/08/23 19:14:44 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Tga32.dll
[2011/08/23 19:14:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Twscan32.dll
[2011/08/23 19:14:43 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\Image32.dll
[2011/08/23 19:14:43 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2011/08/23 19:14:43 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Pcx32.dll
[2011/05/15 12:15:37 | 004,360,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/23 09:36:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2011/04/23 09:36:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2011/04/23 09:36:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2011/04/23 09:36:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2010/06/20 18:55:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\sversion.ini
[2010/06/20 18:49:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe
[2010/06/02 18:27:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/02 18:26:11 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\default.rss
[2010/06/02 18:26:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\downloads.m3u
[2010/05/30 18:49:19 | 000,063,828 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/06 22:21:54 | 000,000,577 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2010/02/17 23:00:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\osinfo.dll
[2009/12/22 21:20:54 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2009/12/22 21:20:18 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2009/12/22 21:17:14 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2009/10/04 10:00:25 | 000,187,904 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 22:50:20 | 000,000,033 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2009/10/03 22:20:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/09/27 20:10:27 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/09/27 20:08:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/27 20:02:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/27 12:56:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/27 12:55:24 | 000,252,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2007/05/23 22:04:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2007/01/23 12:40:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2007/01/09 10:13:08 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2006/10/06 11:08:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2006/05/17 20:47:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2001/08/18 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 06:00:00 | 000,639,914 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 06:00:00 | 000,151,928 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 06:00:00 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/10/14 20:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BayerLogs
[2010/04/24 10:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/02/19 22:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/08/03 06:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/04/24 10:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2011/12/11 09:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/04/24 12:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2010/05/30 17:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/09/19 22:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GARMIN
[2010/08/13 23:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GianPaoloSaliola
[2010/03/09 20:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\gsak
[2011/10/06 22:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\HealthEngage
[2011/12/04 11:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\ImgBurn
[2011/08/03 06:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Juniper Networks
[2011/04/23 09:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Lexmark Productivity Studio
[2010/05/09 19:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Nova Development
[2011/04/01 21:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\OpenOffice.org
[2011/06/04 20:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\PCHC
[2010/10/30 17:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\WinFF
[2011/12/12 19:52:02 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/12/12 19:46:57 | 000,000,498 | ---- | M] () -- C:\WINDOWS\Tasks\PandaUSBVaccine.job
[2011/12/12 13:08:57 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0EDDE299-1EBA-45EC-84F0-14472A8C02E8}.job

========== Purity Check ==========



< End of report >



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8362

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/12/2011 8:11:12 PM
mbam-log-2011-12-12 (20-11-12).txt

Scan type: Quick scan
Objects scanned: 171625
Time elapsed: 3 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=453ddf76972f7c4fa63e10e0b21ecf31
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-13 03:16:33
# local_time=2011-12-12 09:16:33 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776869 42 87 0 19720068 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=65389
# found=0
# cleaned=0
# scan_time=3081
  • 0

#28
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello! :wave:
Congratulations, your logs look clean! :thumbsup: :yeah: :woot:
Please follow the steps below to make your computer more secure.


First, re-enable any anti-virus/anti-malware programs we have disabled during the removal process!


Combofix Uninstall

Click START then RUN.
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.



Installing a Firewall

You have no firewall installed on your computer.

A firewall is necessary on your computer because it can stop attackers from compromising your system and taking over it. It acts as a barrier between the internet and your computer. Hackers discover new security holes in a software or operating system long before the software company does and therefore many people get hacked before a security patch is released. By using a firewall, the majority of these security holes will not be accessible as the firewall will block the attempt.

Here are some links to some free firewalls:

Note: A firewall does not completely protect you against viruses so it is recommended you also have an antivirus program running on your computer as well. Do not run more than 1 firewall on your computer at one time.


Cleanup

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS] 
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator").
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer
Note: If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Updates

Windows Update - This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. You should check this website regularly to keep Windows up to date. This will ensure your computer has all of the latest security updates installed on your computer and is secure from any known security holes. Windows Updates are constantly being revised to combat the newest hacks and threats.
It is best if you have these set to download automatically.

How to turn on Automatic Updates:

  • Click on Start.
  • Right-click My Computer.
  • Select Properties.
  • Click on the Automatic Updates Tab.
  • Place a checkmark in the circle next to Automatic (recommended) near the green shield.
  • Click Apply > OK.

Adobe Reader - Your version of Adobe Reader is outdated. It's important to keep Adobe Reader updated because many security problems are fixed with updates.

How to check for Adobe Reader updates:

  • Open Adobe Reader.
  • On the menu bar click on Help then Check For Updates.
  • The program will then tell you if updates are available.

Make sure you have the latest Adobe Flash Player (11.1.102.55) and Adobe Shockwave Player (11.6.3.633) so you can view all of the latest content on websites.


Make Internet Explorer more secure

  • Click Start > Run.
  • Type Inetcpl.cpl & click OK.
  • Click on the Security tab.
  • Click Reset all zones to default level.
  • Make sure the Internet Zone is selected & Click Custom level.
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Recommended Programs

Make sure you update your security programs regularly so they know about new infections so they can protect your computer against them.
Here is a list of programs/tools that I like to recommend to users to reduce the risk of infection in the future:



Anti-Spyware Programs

MBAM - MalwareBytes Anti Malware is an excellent tool to detect and get rid of malware. This program should be updated and run often.

SpywareBlaster - Prevents spyware from installing on your system and stops you from getting infected. It protects against bad ActiveX and immunizes your PC against them.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. It offers realtime protection from spyware installation attempts.
Note: Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.


Alternate Browsers

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. Hijackers like to attack Internet Explorer more than Firefox. If you are interested, Firefox may be downloaded from here.

Add-ons

NoScript - Blocks ads and other potential website attacks.

AdBlockPlus - Adblock Plus gets rid of ads and banners on the internet.

DrWeb Anti-Virus Link Checker - Allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus.

Other browsers include:

Google Chrome
Safari
Opera


Other Programs

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go.
Yellow for caution.
Red to stop.
WOT has an addon available for both Firefox and IE.


ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents Cookies etc from downloading, from these websites, onto your computer.


MVPS Hosts File replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.


FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Google Toolbar - Get the free Google Toolbar to help stop pop ups.


Finally...

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Please respond one last time so we can consider the thread resolved and close it, thank-you.
Good luck and stay safe!!! :thumbsup:
  • 0

#29
SFAdad

SFAdad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Uninstalled Combofix and ran OTL cleanup.
Thanks for sticking with me for 2.5 weeks.
FYI I had to use the /uninstall switch to get combofix to uninstall.

Again Much Obliged!! Good job!!
  • 0

#30
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
You're welcome.
Thank you!!! :)
  • 0





