security 2012 virus

#1
melint
  • 166 posts
I keep getting a pop-up saying that my PC is infected with a virus, XP Security 2012. It says "stealth intrusion!" and that an infection is running in the background :( Please help... thank you. Attached is the OTL log.

OTL logfile created on: 12/14/2011 4:17:42 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 408.93 Mb Available Physical Memory | 42.66% Memory free
2.26 Gb Paging File | 1.55 Gb Available in Paging File | 68.83% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.84 Gb Total Space | 60.08 Gb Free Space | 33.78% Space Free | Partition Type: NTFS
Drive D: | 8.44 Gb Total Space | 0.46 Gb Free Space | 5.43% Space Free | Partition Type: FAT32

Computer Name: MELIN | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL(4).exe (OldTimer Tools)
PRC - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\uur.exe ()
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
PRC - C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe (TuneUp Software GmbH)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()
PRC - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (KODAK)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\uur.exe ()
MOD - C:\Program Files\Alwil Software\Avast5\defs\11121402\algo.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\defs\11121402\aswRep.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\defs\11120801\algo.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\defs\11120801\aswRep.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\RadioWMPCoreGecko8.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\TuneUp Utilities 2008\MSI_D6.bpl ()
MOD - C:\Program Files\TuneUp Utilities 2008\ehs_d6.bpl ()
MOD - C:\Program Files\SpywareGuard\sgmain.exe ()
MOD - C:\Program Files\SpywareGuard\sgbhp.exe ()
MOD - C:\Program Files\SpywareGuard\spywareguard.dll ()


========== Win32 Services (SafeList) ==========

SRV - (xmlprov32) -- File not found
SRV - (KodakCCS) -- File not found
SRV - (HidServ) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (ptssvc) -- C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (KODAK)


========== Driver Services (SafeList) ==========

DRV - (IPSec) -- C:\WINDOWS\system32\drivers\ipsec.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (V0500Dev) -- C:\WINDOWS\system32\drivers\V0500Vid.sys (Creative Technology Ltd.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (w300obex) -- C:\WINDOWS\system32\drivers\w300obex.sys (MCCI)
DRV - (w300mgmt) Sony Ericsson W300 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\w300mgmt.sys (MCCI)
DRV - (w300mdm) -- C:\WINDOWS\system32\drivers\w300mdm.sys (MCCI)
DRV - (w300mdfl) -- C:\WINDOWS\system32\drivers\w300mdfl.sys (MCCI)
DRV - (w300bus) Sony Ericsson W300 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\w300bus.sys (MCCI)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (z525obex) -- C:\WINDOWS\system32\drivers\z525obex.sys (MCCI)
DRV - (z525mdm) -- C:\WINDOWS\system32\drivers\z525mdm.sys (MCCI)
DRV - (z525mdfl) -- C:\WINDOWS\system32\drivers\z525mdfl.sys (MCCI)
DRV - (z525bus) Sony Ericsson Z525 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\z525bus.sys (MCCI)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (sonypvt3) -- C:\WINDOWS\System32\drivers\sonypvt3.sys (Sony Corporation)
DRV - (sonypvf3) -- C:\WINDOWS\System32\drivers\sonypvf3.sys (Sony Corporation)
DRV - (sonypvl3) -- C:\WINDOWS\System32\drivers\sonypvl3.sys (Sony Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (L8042pr2) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS (Logitech, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Use Custom Search URL =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.searchtoo.../?opts=yes&hp=8 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://games.yahoo.com/card-games
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = ED 24 76 00 68 F0 5B 4D 89 0F F1 C9 8D 3E DD 70 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.startup.homepage: "http://www.facebook.....com/?ref=home"
FF - prefs.js..extensions.enabledItems: [email protected]:3.33.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {C9B68337-E93A-44EA-94DC-CB300EC06444}:3.26.0
FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..keyword.URL: "http://mystart.incre...ss_bar&search="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.....com/home.php?"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\HP_Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/06/16 20:39:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\2.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 09:36:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 09:24:07 | 000,000,000 | ---D | M]

[2010/10/12 11:05:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/10/12 11:05:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\[email protected]
[2011/12/12 23:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\extensions
[2010/09/18 10:01:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/12 23:57:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/07 10:35:42 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/06/21 21:34:21 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\extensions\{9ffac6b9-e5a6-4b13-b018-65c5df38d601}
[2011/07/01 17:08:28 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\extensions\{c8d9eb1c-b127-434a-9d8b-cc635aa34d08}
[2011/03/21 20:11:42 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011/11/14 22:52:16 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2011/06/16 20:11:36 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\extensions\[email protected]
[2011/02/11 14:20:53 | 000,002,153 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\searchplugins\MyStart Search.xml
[2010/09/25 00:45:05 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\searchplugins\sweetim.xml
[2011/11/23 09:37:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/21 00:12:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G0NL4VO3.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G0NL4VO3.DEFAULT\EXTENSIONS\[email protected]
[2009/02/25 14:25:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/23 09:36:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/10/01 14:10:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/23 09:36:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2010/04/26 13:22:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [AdobeUpdater6] C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html ()
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} http://www.worldwinn...ealornodeal.cab (DealOrNoDeal Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinn...jattack/bja.cab (BJA Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: PackageCab http://www.imgag.com...tall/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3813B7B4-A132-4DFF-9ACF-98125848B6C8}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-vcm8 {560A62D2-E52E-4BC6-A88C-5E4651A2C1D1} - C:\Program Files\G7PS\VersaCheck\Messenger for PayCycle\VcmControl.ocx (G7 Productivity Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - http://myspace-539.v...944385539_m.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop Components:2 () - http://www.google.co...MrAyqfKAQ&hl=en
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{129f0858-71b0-11e0-bd7b-0016172e4c35}\Shell - "" = AutoRun
O33 - MountPoints2\{129f0858-71b0-11e0-bd7b-0016172e4c35}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{129f0858-71b0-11e0-bd7b-0016172e4c35}\Shell\AutoRun\command - "" = K:\TL_Bootstrap.exe
O33 - MountPoints2\{cdf3cb93-966d-11df-bd29-0016172e4c35}\Shell - "" = AutoRun
O33 - MountPoints2\{cdf3cb93-966d-11df-bd29-0016172e4c35}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cdf3cb93-966d-11df-bd29-0016172e4c35}\Shell\AutoRun\command - "" = K:\VideoConvert.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 00:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2005/11/06 12:28:39 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\HP_Administrator\*.tmp files -> C:\Documents and Settings\HP_Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2027/01/30 02:00:42 | 000,003,120 | ---- | M] () -- C:\WINDOWS\MF_C425.lfa
[2027/01/28 23:17:15 | 000,003,120 | ---- | M] () -- C:\WINDOWS\MF_C421.lfa
[2027/01/28 23:17:15 | 000,003,120 | ---- | M] () -- C:\WINDOWS\MF_C420.lfa
[2025/11/19 08:51:35 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\wdh7231.ocx
[2025/11/17 14:23:14 | 000,003,120 | ---- | M] () -- C:\WINDOWS\wmd0670.ocx
[2011/12/14 16:00:03 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2011/12/14 13:44:05 | 000,332,800 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\uur.exe
[2011/12/14 13:44:03 | 000,332,800 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fck.exe
[2011/12/14 13:42:04 | 000,332,800 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\nye.exe
[2011/12/14 13:42:03 | 000,332,800 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\flq.exe
[2011/12/13 21:43:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/13 18:23:57 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/09 09:57:29 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/08 22:20:38 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/08 22:19:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/08 22:19:24 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/07 13:39:28 | 000,093,696 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\brother johns resume' 2011.wps
[2011/12/07 13:39:28 | 000,019,088 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2011/12/05 11:21:53 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\PASSWORDS2.wps
[2011/12/02 10:54:21 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/28 11:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/21 17:15:56 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\HP_Administrator\*.tmp files -> C:\Documents and Settings\HP_Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2027/01/30 02:00:42 | 000,003,120 | ---- | C] () -- C:\WINDOWS\MF_C425.lfa
[2027/01/28 23:17:15 | 000,003,120 | ---- | C] () -- C:\WINDOWS\MF_C421.lfa
[2027/01/28 23:17:15 | 000,003,120 | ---- | C] () -- C:\WINDOWS\MF_C420.lfa
[2025/11/19 08:51:35 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\wdh7231.ocx
[2025/11/17 14:23:14 | 000,003,120 | ---- | C] () -- C:\WINDOWS\wmd0670.ocx
[2011/12/14 13:44:05 | 000,332,800 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\uur.exe
[2011/12/14 13:44:03 | 000,332,800 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fck.exe
[2011/12/14 13:42:03 | 000,332,800 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\nye.exe
[2011/12/14 13:42:03 | 000,332,800 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\flq.exe
[2011/12/07 13:38:19 | 000,093,696 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\brother johns resume' 2011.wps
[2011/05/05 11:55:19 | 000,002,427 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/12/19 10:23:27 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/12/19 10:23:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/12/13 06:45:22 | 000,077,377 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/10/08 18:43:23 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Documents
[2009/10/08 18:43:23 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\DirectoryService
[2009/10/08 18:43:23 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/10/08 18:43:23 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Electric Clav
[2009/07/18 17:39:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/06 03:59:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/16 20:16:38 | 000,146,853 | ---- | C] () -- C:\WINDOWS\hpoins31.dat
[2009/06/16 20:16:37 | 000,000,945 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat
[2009/05/24 20:02:27 | 000,146,540 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/05/24 18:13:05 | 000,921,932 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\iTunesDB
[2009/05/24 18:13:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\smartpathdb.ini
[2009/05/24 18:12:25 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/21 18:27:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\arhelper.INI
[2008/04/07 09:33:40 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/27 11:02:18 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/27 11:02:18 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/12/19 12:04:00 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/12/19 12:04:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/12/19 12:04:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/12/12 05:42:54 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/10/24 17:25:40 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/07/15 21:15:45 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/06/27 13:42:51 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe
[2007/02/12 09:09:19 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/02/08 10:53:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/12/24 22:47:37 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/22 10:00:49 | 000,003,221 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/10/24 06:18:23 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/24 05:50:59 | 000,000,043 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2006/09/30 09:12:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006/06/29 20:28:41 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.2.93-7288971L.exe
[2006/06/29 20:28:28 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[2006/06/11 14:28:17 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/05/19 15:10:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/18 20:10:11 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/05/17 17:21:34 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/05/17 17:21:24 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/05/17 17:19:22 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/05/17 17:18:23 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/05/17 08:15:20 | 000,019,088 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2006/05/16 17:06:33 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/03/07 06:25:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/07 06:02:49 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/07 05:59:29 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2006/03/07 05:58:40 | 000,014,315 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/07 05:58:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/07 05:56:02 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/07 05:53:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/07 05:43:03 | 000,000,377 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/07 05:41:40 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/03/07 05:41:40 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/07 05:36:10 | 000,080,417 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/03/07 05:36:09 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/03/07 05:35:13 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/03/07 05:35:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/03/07 05:31:39 | 000,087,276 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/03/07 05:30:03 | 000,112,942 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/03/07 05:30:03 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/03/07 05:27:04 | 000,088,403 | ---- | C] () -- C:\WINDOWS\hpoins06.dat
[2006/03/07 05:27:04 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat
[2006/03/07 05:26:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/07 05:22:02 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/03/07 05:20:28 | 000,000,839 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/07 05:00:40 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 08:03:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 15:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 15:07:46 | 000,446,774 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 15:07:46 | 000,073,536 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 15:05:30 | 000,981,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 15:01:42 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 14:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 18:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/09 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 01:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 02:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 02:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/04/26 14:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/04/17 09:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aNa06504bIeHg06504
[2008/12/22 16:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2008/04/02 09:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2006/05/16 20:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/10/08 18:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2007/02/12 09:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2011/01/21 17:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iFiMe01803
[2008/04/05 21:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/04/05 21:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/10/12 19:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/05/05 13:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2008/01/17 08:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/05/01 13:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2009/04/03 06:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2006/05/22 12:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/10/08 18:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/03/30 20:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/02/11 14:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator
[2010/07/20 10:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2010/12/19 10:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/09/02 07:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RichCasino
[2007/01/16 22:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/07/30 20:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/06 13:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/12/26 14:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2009/10/08 18:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/08/22 16:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VCheck
[2009/06/20 17:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/09/27 09:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/07/12 16:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/16 07:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/24 19:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/12/14 16:00:03 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Edited by melint, 14 December 2011 - 04:30 PM.

  • 0

#2
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C.


:processes
killallprocesses

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = ED 24 76 00 68 F0 5B 4D 89 0F F1 C9 8D 3E DD 70 [binary data]
[2027/01/30 02:00:42 | 000,003,120 | ---- | M] () -- C:\WINDOWS\MF_C425.lfa
[2027/01/28 23:17:15 | 000,003,120 | ---- | M] () -- C:\WINDOWS\MF_C421.lfa
[2027/01/28 23:17:15 | 000,003,120 | ---- | M] () -- C:\WINDOWS\MF_C420.lfa
[2025/11/19 08:51:35 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\wdh7231.ocx
[2025/11/17 14:23:14 | 000,003,120 | ---- | M] () -- C:\WINDOWS\wmd0670.ocx
[2011/12/14 16:00:03 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2011/12/14 13:44:05 | 000,332,800 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\uur.exe
[2011/12/14 13:44:03 | 000,332,800 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fck.exe
[2011/12/14 13:42:04 | 000,332,800 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\nye.exe
[2011/12/14 13:42:03 | 000,332,800 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\flq.exe
[2011/04/17 09:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aNa06504bIeHg06504

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config xmlprov32 start= disabled /c
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\*.exe
net start /c
    
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.


Copy the text in the code box:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg 
%systemroot%\*.jpg 
%systemroot%\*.png 
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav 
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x 
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
DMIcall.sys
beep.sys
Netshell.dll
netcfgx.dll
Netman.dll
connect.dll
mswsock.dll
mmswsock.dll 
ipsec.sys
/md5stop


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Click on the Avast ball. Then click on Additional Protections, then on AutoSandbox, then on Settings, then uncheck Enable AutoSandbox. OK.

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?


Run Combofix again and post the log.
  • 0
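As an added example that is not part of this thread or of OTL, the Python script below parses the OTL file-listing format used in the log above and flags the two patterns RKinner's fix targets: entries stamped later than the log itself (the 2025 and 2027 .lfa/.ocx files) and a cluster of same-size, no-company-name .exe files created in the user profile within minutes of each other (the four 332,800-byte files in Local Settings\Application Data). The sample lines are copied from the posted log; the 10-minute window, the 3-file minimum and the profile-root list are assumptions.

```python
"""Triage helper for OTL 'Files Created / Modified' listings.

Added example for this thread; it is not code from OTL or from RKinner's fix.
Each OTL file line looks like:
  [YYYY/MM/DD HH:MM:SS | 000,003,120 | ---- | C] (Company) -- C:\\path\\file
Directory lines have no "(Company)" field. The thresholds below are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# date/time | comma-grouped size | 4 attribute flags | M(odified) or C(reated)] (company, optional) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Windows user-profile roots (XP and Vista+), lower-cased for matching. Assumption:
# a no-company-name binary dropped here is worth a closer look.
PROFILE_ROOTS = ("\\documents and settings\\", "\\users\\")


def parse_line(line):
    """Return a dict for one OTL file/directory line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "kind": m["kind"],
        "company": m["company"] or "",   # directory lines carry no company field
        "path": m["path"],
    }


def future_dated(entries, log_time):
    """Entries whose timestamp is later than the time the log itself was written.

    A file 'created' years after the scan ran (the 2025/2027 entries in the log)
    has a forged or nonsensical stamp, which is why the fix removes them.
    """
    return [e for e in entries if e["ts"] > log_time]


def same_size_clusters(entries, window=timedelta(minutes=10), min_count=3):
    """Groups of >= min_count same-size, no-company .exe files created in a user
    profile within `window` of each other: one dropper writing several copies of
    itself under random short names."""
    by_size = defaultdict(list)
    for e in entries:
        lower = e["path"].lower()
        if (lower.endswith(".exe") and not e["company"]
                and any(root in lower for root in PROFILE_ROOTS)):
            by_size[e["size"]].append(e)
    clusters = []
    for group in by_size.values():
        group.sort(key=lambda e: e["ts"])
        if len(group) >= min_count and group[-1]["ts"] - group[0]["ts"] <= window:
            clusters.append(group)
    return clusters


def triage(text, log_time):
    """Run both checks over a block of OTL output and return the flagged paths."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    return {
        "future_dated": [e["path"] for e in future_dated(entries, log_time)],
        "clusters": [[e["path"] for e in c] for c in same_size_clusters(entries)],
    }


# Sample input: lines copied from the OTL log posted above, plus that log's own
# creation time (12/14/2011 4:17:42 PM). The last line is a non-file line OTL
# emits and must be skipped by the parser.
SAMPLE_LOG_TIME = datetime(2011, 12, 14, 16, 17, 42)
SAMPLE = r"""
[2027/01/30 02:00:42 | 000,003,120 | ---- | C] () -- C:\WINDOWS\MF_C425.lfa
[2025/11/19 08:51:35 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\wdh7231.ocx
[2011/12/14 13:44:05 | 000,332,800 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\uur.exe
[2011/12/14 13:44:03 | 000,332,800 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fck.exe
[2011/12/14 13:42:03 | 000,332,800 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\nye.exe
[2011/12/14 13:42:03 | 000,332,800 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\flq.exe
[2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/17 09:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aNa06504bIeHg06504
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
"""

if __name__ == "__main__":
    result = triage(SAMPLE, SAMPLE_LOG_TIME)
    print("Future-dated entries:")
    for p in result["future_dated"]:
        print("  ", p)
    for cluster in result["clusters"]:
        print("Same-size dropper cluster (%d files):" % len(cluster))
        for p in cluster:
            print("  ", p)
```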

#3
melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
Sorry it took so long for me to reply, was on Christmas holiday. Thanks for your time and trouble and here is the first log. Working on the other as we speak.
Attached File: otl log.txt (9.63KB)
  • 0

#4
melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
Here are the next two OTL logs. Working on Avast now.

OTL logfile created on: 12/27/2011 6:04:56 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 499.46 Mb Available Physical Memory | 52.11% Memory free
2.26 Gb Paging File | 1.92 Gb Available in Paging File | 84.91% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.84 Gb Total Space | 20.84 Gb Free Space | 11.72% Space Free | Partition Type: NTFS
Drive D: | 8.44 Gb Total Space | 0.46 Gb Free Space | 5.43% Space Free | Partition Type: FAT32
Drive E: | 3.73 Gb Total Space | 0.51 Gb Free Space | 13.56% Space Free | Partition Type: FAT32

Computer Name: MELIN | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL(3).exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\IncrediMail\bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()
PRC - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (KODAK)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\IncrediMail\bin\wlessfp1.dll ()
MOD - C:\Program Files\IncrediMail\bin\ImLookExU.dll ()
MOD - C:\Program Files\IncrediMail\bin\ImComUtlU.dll ()
MOD - C:\Program Files\IncrediMail\bin\ImAppRU.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\IncrediMail\bin\PMC.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\WINDOWS\system32\qedit.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Common Files\muvee Technologies\030625\QuickTimeSource.dll ()
MOD - C:\Program Files\SpywareGuard\sgmain.exe ()
MOD - C:\Program Files\SpywareGuard\sgbhp.exe ()
MOD - C:\Program Files\SpywareGuard\dlprotect.dll ()
MOD - C:\Program Files\SpywareGuard\spywareguard.dll ()


========== Win32 Services (SafeList) ==========

SRV - (xmlprov32) -- File not found
SRV - (KodakCCS) -- File not found
SRV - (HidServ) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (ptssvc) -- C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (KODAK)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (V0500Dev) -- C:\WINDOWS\system32\drivers\V0500Vid.sys (Creative Technology Ltd.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (w300obex) -- C:\WINDOWS\system32\drivers\w300obex.sys (MCCI)
DRV - (w300mgmt) Sony Ericsson W300 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\w300mgmt.sys (MCCI)
DRV - (w300mdm) -- C:\WINDOWS\system32\drivers\w300mdm.sys (MCCI)
DRV - (w300mdfl) -- C:\WINDOWS\system32\drivers\w300mdfl.sys (MCCI)
DRV - (w300bus) Sony Ericsson W300 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\w300bus.sys (MCCI)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (z525obex) -- C:\WINDOWS\system32\drivers\z525obex.sys (MCCI)
DRV - (z525mdm) -- C:\WINDOWS\system32\drivers\z525mdm.sys (MCCI)
DRV - (z525mdfl) -- C:\WINDOWS\system32\drivers\z525mdfl.sys (MCCI)
DRV - (z525bus) Sony Ericsson Z525 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\z525bus.sys (MCCI)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (sonypvt3) -- C:\WINDOWS\System32\drivers\sonypvt3.sys (Sony Corporation)
DRV - (sonypvf3) -- C:\WINDOWS\System32\drivers\sonypvf3.sys (Sony Corporation)
DRV - (sonypvl3) -- C:\WINDOWS\System32\drivers\sonypvl3.sys (Sony Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (L8042pr2) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS (Logitech, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Use Custom Search URL =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://games.yahoo.com/card-games
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.startup.homepage: "http://www.facebook.....com/?ref=home"
FF - prefs.js..extensions.enabledItems: [email protected]:3.33.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {C9B68337-E93A-44EA-94DC-CB300EC06444}:3.26.0
FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..keyword.URL: "http://mystart.incre...ss_bar&search="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.....com/home.php?"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\HP_Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/06/16 20:39:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\2.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 09:36:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 09:24:07 | 000,000,000 | ---D | M]

[2010/10/12 11:05:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/10/12 11:05:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\[email protected]
[2011/12/15 09:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\extensions
[2010/09/18 10:01:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/12 23:57:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/07 10:35:42 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/03/21 20:11:42 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011/11/14 22:52:16 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2011/06/16 20:11:36 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\extensions\[email protected]
[2011/02/11 14:20:53 | 000,002,153 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\searchplugins\MyStart Search.xml
[2010/09/25 00:45:05 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0nl4vo3.default\searchplugins\sweetim.xml
[2011/11/23 09:37:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/21 00:12:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G0NL4VO3.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G0NL4VO3.DEFAULT\EXTENSIONS\[email protected]
[2009/02/25 14:25:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/23 09:36:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/10/01 14:10:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/23 09:36:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/15 09:58:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html ()
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} http://www.worldwinn...ealornodeal.cab (DealOrNoDeal Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinn...jattack/bja.cab (BJA Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: PackageCab http://www.imgag.com...tall/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-vcm8 {560A62D2-E52E-4BC6-A88C-5E4651A2C1D1} - C:\Program Files\G7PS\VersaCheck\Messenger for PayCycle\VcmControl.ocx (G7 Productivity Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - http://myspace-539.v...944385539_m.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop Components:2 () - http://www.google.co...MrAyqfKAQ&hl=en
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/27 17:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\New Folder
[2011/12/22 13:09:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/15 09:36:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/14 20:54:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/14 20:51:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/14 20:51:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/14 20:51:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/14 20:51:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/14 20:50:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2005/11/06 12:28:39 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/27 17:51:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/27 17:51:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/27 17:51:00 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/26 09:32:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/25 20:52:59 | 000,020,214 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2011/12/25 20:52:05 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/12/22 14:28:01 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/22 13:51:38 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/22 13:24:33 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut (2) to afd.lnk
[2011/12/22 13:24:26 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to afd.lnk
[2011/12/20 21:43:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/15 09:58:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/14 20:54:22 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/12/07 13:39:28 | 000,093,696 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\brother johns resume' 2011.wps
[2011/12/05 11:21:53 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\PASSWORDS2.wps
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/25 20:52:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/12/22 13:43:30 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/22 13:24:33 | 000,000,254 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut (2) to afd.lnk
[2011/12/22 13:24:26 | 000,000,254 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to afd.lnk
[2011/12/14 20:51:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/14 20:51:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/14 20:51:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/14 20:51:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/14 20:51:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/07 13:38:19 | 000,093,696 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\brother johns resume' 2011.wps
[2011/05/05 11:55:19 | 000,002,427 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/12/19 10:23:27 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/12/19 10:23:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/12/13 06:45:22 | 000,077,377 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/10/08 18:43:23 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Documents
[2009/10/08 18:43:23 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\DirectoryService
[2009/10/08 18:43:23 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/10/08 18:43:23 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Electric Clav
[2009/07/18 17:39:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/06 03:59:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/16 20:16:38 | 000,146,853 | ---- | C] () -- C:\WINDOWS\hpoins31.dat
[2009/06/16 20:16:37 | 000,000,945 | ---- | C] () -- C:\WINDOWS\hpomdl31.dat
[2009/05/24 20:02:27 | 000,146,540 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/05/24 18:13:05 | 000,921,932 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\iTunesDB
[2009/05/24 18:13:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\smartpathdb.ini
[2009/05/24 18:12:25 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/21 18:27:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\arhelper.INI
[2008/04/07 09:33:40 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/27 11:02:18 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/27 11:02:18 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/12/19 12:04:00 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/12/19 12:04:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/12/19 12:04:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/12/12 05:42:54 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/10/24 17:25:40 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/07/15 21:15:45 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/02/12 09:09:19 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/02/08 10:53:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/12/24 22:47:37 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/22 10:00:49 | 000,003,221 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/10/24 06:18:23 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/24 05:50:59 | 000,000,043 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2006/09/30 09:12:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006/06/29 20:28:28 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[2006/06/11 14:28:17 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/05/19 15:10:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/18 20:10:11 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/05/17 17:21:34 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/05/17 17:21:24 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/05/17 17:19:22 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/05/17 17:18:23 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/05/17 08:15:20 | 000,020,214 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2006/05/16 17:06:33 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/03/07 06:25:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/07 06:02:49 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/07 05:58:40 | 000,014,315 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/07 05:58:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/07 05:56:02 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/07 05:53:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/07 05:43:03 | 000,000,377 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/07 05:41:40 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/03/07 05:41:40 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/07 05:36:10 | 000,080,417 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/03/07 05:36:09 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/03/07 05:35:13 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/03/07 05:35:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/03/07 05:31:39 | 000,087,276 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/03/07 05:30:03 | 000,112,942 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/03/07 05:30:03 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/03/07 05:27:04 | 000,088,403 | ---- | C] () -- C:\WINDOWS\hpoins06.dat
[2006/03/07 05:27:04 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat
[2006/03/07 05:26:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/07 05:22:02 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/03/07 05:20:28 | 000,000,839 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/07 05:00:40 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 08:03:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 15:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 15:07:46 | 000,446,774 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 15:07:46 | 000,073,536 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 15:05:30 | 000,981,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 15:01:42 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 14:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 18:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/09 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 01:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 02:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 02:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/11/13 16:10:47 | 000,000,000 | ---- | M] () -- C:\10.1.19.109
[2011/10/28 13:06:45 | 000,000,279 | ---- | M] () -- C:\Boot.bak
[2011/12/14 20:54:22 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/09 15:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/12/15 10:12:27 | 000,030,517 | ---- | M] () -- C:\ComboFix.txt
[2005/08/30 15:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/05/04 12:21:04 | 000,009,971 | ---- | M] () -- C:\Cucu_Video_log.txt
[2011/04/16 19:20:24 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2001/09/05 21:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2011/12/27 17:51:00 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2006/10/22 14:13:21 | 000,000,000 | ---- | M] () -- C:\hplog.txt
[2007/06/19 22:09:04 | 000,001,511 | ---- | M] () -- C:\INSTALL.LOG
[2005/08/30 15:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/20 17:57:15 | 000,002,491 | -H-- | M] () -- C:\IPH.PH
[2009/05/24 18:15:02 | 000,003,370 | ---- | M] () -- C:\iPod2PC_log.txt
[2005/08/30 15:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/09 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/22 18:04:25 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/13 16:15:00 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2011/12/25 19:50:58 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2011/12/27 17:50:59 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
[2008/04/02 15:12:17 | 042,825,158 | ---- | M] (McAfee, Inc.) -- C:\sdat5265.exe
[2009/08/16 19:32:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/08/21 18:14:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/08/27 18:05:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/09/13 18:41:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/09/23 18:44:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/09/24 16:14:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/09/27 16:14:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/09/27 16:15:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/09/27 16:15:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/09/30 15:20:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/09/30 15:20:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/10/04 12:11:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/10/04 12:20:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/07/29 05:00:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/08/02 21:16:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/08/03 07:32:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/08/05 17:47:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/08/08 16:59:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/08/13 17:08:52 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/09/09 16:59:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/08/16 19:32:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/08/21 18:14:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/08/27 18:05:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/09/13 18:41:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/09/23 18:44:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/09/24 16:14:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/09/27 16:14:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/09/27 16:15:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/09/27 16:15:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/09/30 15:20:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/09/30 15:20:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/10/04 12:11:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/10/04 12:20:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/07/29 05:00:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/08/02 21:16:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/08/03 07:32:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/08/05 17:47:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/08/08 16:59:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/08/13 17:08:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/04/26 15:59:08 | 000,054,814 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_26.04.2010_16.59.03_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2005/09/24 02:49:16 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2005/08/30 15:01:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/10/28 11:49:30 | 000,321,536 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp696.dll
[2004/03/22 15:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009/12/20 15:22:29 | 000,001,698 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2005/11/06 12:28:31 | 000,774,144 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/30 07:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/08/30 07:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/10/07 16:57:26 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Create & Print Home.url
[2008/08/22 18:10:47 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2008/02/28 12:01:24 | 000,774,144 | ---- | M] () -- C:\WINDOWS\system32\NEROINSTAEC43759.DB
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-19 16:45:27


< MD5 for: BEEP.SYS >
[2004/08/09 15:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2004/08/09 15:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/09 15:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: IPSEC.SYS >
[2008/04/13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008/04/13 13:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ipsec.sys
[2008/04/13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2008/04/13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004/08/09 15:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

< MD5 for: MSWSOCK.DLL >
[2008/06/20 11:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 11:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/09 15:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 11:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 11:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 10:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/20 10:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 10:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 04:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/14 04:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/04/13 18:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mswsock.dll
[2008/06/20 11:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 11:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NETCFGX.DLL >
[2008/04/14 04:42:02 | 000,622,592 | ---- | M] (Microsoft Corporation) MD5=37A62C6092AADD2EFDE0468DD8818E99 -- C:\WINDOWS\ServicePackFiles\i386\netcfgx.dll
[2008/04/13 18:12:01 | 000,622,592 | ---- | M] (Microsoft Corporation) MD5=37A62C6092AADD2EFDE0468DD8818E99 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netcfgx.dll
[2008/04/14 04:42:02 | 000,622,592 | ---- | M] (Microsoft Corporation) MD5=37A62C6092AADD2EFDE0468DD8818E99 -- C:\WINDOWS\system32\netcfgx.dll
[2004/08/09 15:00:00 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=E3AE8DC04643850D2DFD431443558B28 -- C:\WINDOWS\$NtServicePackUninstall$\netcfgx.dll

< MD5 for: NETMAN.DLL >
[2008/04/14 04:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\ERDNT\cache\netman.dll
[2008/04/14 04:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\ServicePackFiles\i386\netman.dll
[2008/04/13 18:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netman.dll
[2008/04/14 04:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\system32\netman.dll
[2005/08/22 12:24:55 | 000,197,632 | ---- | M] (Microsoft Corporation) MD5=3516D8A18B36784B1005B950B84232E1 -- C:\WINDOWS\$hf_mig$\KB905414\SP2QFE\netman.dll
[2005/08/22 12:29:46 | 000,197,632 | ---- | M] (Microsoft Corporation) MD5=36739B39267914BA69AD0610A0299732 -- C:\WINDOWS\$NtServicePackUninstall$\netman.dll
[2004/08/09 15:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=DAB9E6C7105D2EF49876FE92C524F565 -- C:\WINDOWS\$NtUninstallKB905414$\netman.dll

< MD5 for: NETSHELL.DLL >
[2008/04/14 04:42:04 | 001,703,936 | ---- | M] (Microsoft Corporation) MD5=062F837C1FBDB6A0A75F82EFC2EE8E74 -- C:\WINDOWS\ServicePackFiles\i386\netshell.dll
[2008/04/13 18:12:02 | 001,703,936 | ---- | M] (Microsoft Corporation) MD5=062F837C1FBDB6A0A75F82EFC2EE8E74 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netshell.dll
[2008/04/14 04:42:04 | 001,703,936 | ---- | M] (Microsoft Corporation) MD5=062F837C1FBDB6A0A75F82EFC2EE8E74 -- C:\WINDOWS\system32\netshell.dll
[2005/06/21 16:00:18 | 001,705,472 | ---- | M] (Microsoft Corporation) MD5=9BD086B1E1CB82A11B95F5BA613C4A4E -- C:\WINDOWS\$NtServicePackUninstall$\netshell.dll

< End of report >

  • 0
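The MD5 sections at the end of the OTL log above list every copy OTL found of each protected file. One defender's check on that data, as an added example that is not part of the thread: compare the hash of the live copy (system32 or system32\drivers) with the Windows File Protection copy in dllcache; a live driver whose hash differs from its dllcache copy deserves a closer look. The parsing is inferred from the log format shown above; the EXAMPLE.SYS block and its hashes are constructed.

```python
# Added example, not from the thread: cross-check the "< MD5 for: ... >" blocks
# of an OTL log. A live copy under system32 whose hash differs from the
# dllcache (WFP) copy is flagged as MISMATCH; format is inferred from the log.
import re

SECTION_RE = re.compile(r"^< MD5 for: (\S+) >$")
ENTRY_RE = re.compile(r"MD5=([0-9A-Fa-f]{32}) -- (.+)$")


def parse_md5_sections(log_text):
    """Return {FILENAME: [(md5, path), ...]} for every MD5 block in the log."""
    sections, current = {}, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        head = SECTION_RE.match(line)
        if head:
            current = head.group(1).upper()
            sections.setdefault(current, [])
        elif not line:
            current = None  # a blank line closes the block
        elif current:
            entry = ENTRY_RE.search(line)
            if entry:
                sections[current].append((entry.group(1).upper(), entry.group(2)))
    return sections


def is_live_copy(path):
    """The copy Windows loads: under system32 (or system32/drivers), not dllcache."""
    p = path.lower()
    return "\\system32\\" in p and "\\dllcache\\" not in p


def check_sections(sections):
    """Per file: 'ok', 'MISMATCH' (live != dllcache), 'no-cache' or 'no-live'."""
    report = {}
    for name, entries in sections.items():
        live = {md5 for md5, path in entries if is_live_copy(path)}
        cache = {md5 for md5, path in entries if "\\dllcache\\" in path.lower()}
        if not live:
            report[name] = "no-live"
        elif not cache:
            report[name] = "no-cache"
        else:
            report[name] = "ok" if live == cache else "MISMATCH"
    return report


# Constructed sample: the IPSEC.SYS lines as they appear in the log above, plus
# a made-up EXAMPLE.SYS block (placeholder hashes) whose live copy differs.
SAMPLE_LOG = r"""
< MD5 for: IPSEC.SYS >
[2008/04/13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2008/04/13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys

< MD5 for: EXAMPLE.SYS >
[2004/08/09 15:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\system32\dllcache\example.sys
[2011/12/14 09:00:00 | 000,004,224 | ---- | M] () MD5=00000000000000000000000000000002 -- C:\WINDOWS\system32\drivers\example.sys
"""
```

Running `check_sections(parse_md5_sections(SAMPLE_LOG))` reports IPSEC.SYS as ok and EXAMPLE.SYS as MISMATCH; point it at a full OTL log to review every hashed file at once.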

#5
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
Well, my Avast would not open, so I deleted it and tried to download it from my laptop, but since I can't connect to the internet, it could not complete the setup. Now what do I do?
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Download and Save the attached ipsec.zip file. Right click on it and Extract All. This will create a folder called ipsec with two files in it:

ipsec.reg and Legacy_ipsec.reg.

Right click on ipsec.reg and select MERGE. Allow it to Merge. Report any errors you get.

Right click on Legacy_ipsec.reg and select MERGE. Allow it to Merge. Report any errors you get.

If you did not get any errors then

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

Ron
  • 0

#7
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
I got no errors when I merged the ipsec reg, but when I tried to merge legacy_ipsec I got this error message:

cannot import c:\documents and settings\HP_administrator\desktop\ipsec\legacy_ipsec.reg.error accessing the registry
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
If ipsec.reg worked that may be enough. See if you can start ipsec:

Start, Run, cmd, OK, then type what you see in each code box (with an Enter after each line):

net  start  ipsec

If it says the service is starting or is already started then we probably do not need to get legacy_ipsec to work. Let's see if DHCP is started or will start:

net  start  dhcp

If it starts or is already started then we should be able to get on line:

ipconfig  /release

ipconfig  /renew

Does this work? If so, see if you can get online now. If you can, do the following:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.
  • 0

#9
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
After I put in ipsec, it opened a new window and said that it is not recognized as an internal or external command, operable program or batch file.
  • 0

#10
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
I read your reply again and think I did it wrong: I put an Enter after each word instead of after each code box. But I tried the other way too, typed all three words and then Enter, and I got a message saying that the service name is invalid.
  • 0

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Copy the next line:

reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPSEC

Start, Run, cmd, OK. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter. Do you get an error message or does it delete the key?

If it deleted the key, try to Merge the legacy_ipsec.reg again.
  • 0

#12
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
I pasted the command and it appeared to work. First it said "Permanently delete the registry key (y/N)", and then automatically it said "The operation completed successfully". I did not click y or n, but I still cannot merge legacy_ipsec.reg; it reads "Error accessing the registry".
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
You are going to have to take ownership of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root key.

Start, Run, regedit, OK

Locate HKEY_LOCAL_MACHINE

and click on the + in front of it.

Now find SYSTEM

and click on its +

Now find CurrentControlSet

and click on its +

Now find Enum

and click on its +

Now find Root and just click on it.

Right click on Root and select Permissions.

Click Advanced, and then click the Owner tab.

Under Change owner to,
Select Administrators then click OK.

You should be back at the Permissions page. Click on Administrators then verify that Full Control is checked in the Allow column at the bottom.

Close regedit.

Right click on legacy_ipsec.reg and Merge. Does it work this time?
  • 0

#14
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
Yayyyy!! It worked. Should I complete the other steps you wanted me to now?
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
If you are on line let's give it the full treatment to make sure the bug is gone:


ComboFix
If you have a previous version of ComboFix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your antivirus software when downloading or running ComboFix. If it has script blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.

* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then run it.
Double-click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin).
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Run TDSSKiller again, but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Download aswMBR.exe (511KB) to your desktop.
Double-click aswMBR.exe to run it.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button, not the FixMBR button, is enabled and tell me), click "Save log", save it to your desktop and post it in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screenshot of the Disk Management window and attach the screenshot to your reply.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.


Run OTL, Quickscan and post the log.

Ron
  • 0
