Vista Antivirus 2012



#1
Kristi2565
This bug is taking over. I can't run Firefox. Found a fake registry key to fool the bug. I was able to download OTL but it would only run in safe mode. Here is the output. Thanks for any help you can provide. It's close to five here in Texas so I am "fixin" to go home but will be back in the morning.


OTL logfile created on: 12/15/2011 4:17:14 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\rhizogen\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 77.89% Memory free
3.74 Gb Paging File | 3.50 Gb Available in Paging File | 93.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 133.04 Gb Total Space | 86.20 Gb Free Space | 64.79% Space Free | Partition Type: NTFS
Drive D: | 14.05 Gb Total Space | 7.38 Gb Free Space | 52.55% Space Free | Partition Type: NTFS
Drive E: | 1.96 Gb Total Space | 1.75 Gb Free Space | 89.13% Space Free | Partition Type: NTFS

Computer Name: TRP-FEB09 | User Name: rhizogen | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/15 14:34:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\rhizogen\Downloads\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011/12/07 17:12:26 | 000,068,648 | R--- | M] (iS3, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/10/07 05:49:23 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/10/07 05:49:08 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/04/06 16:53:36 | 001,117,144 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/02/18 11:14:04 | 000,371,472 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/11/08 11:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/02/06 00:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 05:49:11 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/26 11:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2011/09/26 11:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2011/08/16 16:48:30 | 000,059,080 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2011/05/11 09:55:10 | 000,263,888 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/03/10 09:08:22 | 000,233,976 | ---- | M] (PC Tools) [Kernel | System | Stopped] -- C:\windows\System32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2010/09/17 14:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 14:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2009/04/10 22:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/03/24 16:14:50 | 003,520,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/20 20:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/12/03 05:19:08 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/11/26 15:31:04 | 000,074,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2007/07/16 15:29:43 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007/07/16 15:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007/06/29 16:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006/11/02 03:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/30 04:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\atipcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...&bd=all&pf=cmdt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...&bd=all&pf=cmdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...&bd=all&pf=cmdt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Inbox Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://toolbar.inbox...nguage=en&qkw="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\2.bin\NPFunWeb.dll (Fun Web Products, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/25 08:41:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/14 15:30:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/14 15:30:32 | 000,000,000 | ---D | M]

[2010/05/27 08:25:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rhizogen\AppData\Roaming\mozilla\Extensions
[2011/12/14 11:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rhizogen\AppData\Roaming\mozilla\Firefox\Profiles\6zgw1gw8.default\extensions
[2010/06/07 06:35:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\rhizogen\AppData\Roaming\mozilla\Firefox\Profiles\6zgw1gw8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/20 14:07:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\rhizogen\AppData\Roaming\mozilla\Firefox\Profiles\6zgw1gw8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/20 14:07:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/20 14:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/25 08:41:17 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/04/20 14:06:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2011/12/15 10:54:04 | 000,000,036 | ---- | M]) - C:\windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.exe (ali)
O4 - HKCU..\Run: [SmileboxTray] C:\Users\rhizogen\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Add to AVI Video Converter... - C:\Program Files\Media Player Utilities 4.29\AMVConverter\grab.html ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Fun Web Products Installer Start)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink...geUploader5.cab (Image Uploader Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25108261-8D72-49CC-80B9-4C97455452C0}: NameServer = 68.28.186.91,68.28.178.91
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/15 11:25:05 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2011/12/15 11:25:05 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2011/12/15 11:25:04 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/12/15 11:25:04 | 000,105,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/12/15 11:24:55 | 000,263,888 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/12/15 11:24:55 | 000,160,576 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/12/15 11:24:53 | 000,233,976 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2011/12/15 11:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/12/15 11:24:48 | 000,070,664 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/12/15 11:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/12/15 11:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/12/15 11:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/15 11:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/12/15 11:23:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\sdtmp
[2011/12/14 17:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/12/14 17:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/12/14 17:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/12/14 17:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/12/07 17:12:22 | 000,547,880 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/12/07 17:12:22 | 000,482,344 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/12/07 17:12:22 | 000,457,768 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/12/07 17:12:22 | 000,134,184 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/12/07 17:12:22 | 000,068,648 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/12/07 17:12:22 | 000,030,248 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/12/07 17:12:22 | 000,024,616 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/12/07 17:12:20 | 000,740,392 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/12/07 17:12:20 | 000,392,232 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/12/07 17:12:20 | 000,232,488 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/12/07 17:12:20 | 000,105,512 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/12/07 17:12:20 | 000,101,416 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll

========== Files - Modified Within 30 Days ==========

[2011/12/15 16:20:46 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/15 16:20:46 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/15 16:14:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/15 16:11:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/15 16:11:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/15 13:30:59 | 000,499,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/15 11:27:05 | 002,301,538 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/12/15 11:24:53 | 000,001,786 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/12/15 10:54:04 | 000,000,036 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/14 16:59:35 | 000,010,092 | -HS- | M] () -- C:\Users\rhizogen\AppData\Local\207852c7x280j712u053h5fiw4h1
[2011/12/14 16:59:35 | 000,010,092 | -HS- | M] () -- C:\ProgramData\207852c7x280j712u053h5fiw4h1
[2011/12/14 16:08:16 | 000,002,633 | ---- | M] () -- C:\Users\rhizogen\Desktop\Microsoft Office Outlook 2007.lnk
[2011/12/14 11:43:19 | 000,329,728 | ---- | M] () -- C:\Users\rhizogen\AppData\Local\xax.exe
[2011/12/14 09:04:03 | 000,002,619 | ---- | M] () -- C:\Users\rhizogen\Desktop\Microsoft Office Groove 2007.lnk
[2011/12/13 15:11:07 | 000,002,627 | ---- | M] () -- C:\Users\rhizogen\Desktop\Microsoft Office Word 2007.lnk
[2011/12/07 17:12:22 | 000,547,880 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/12/07 17:12:22 | 000,482,344 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/12/07 17:12:22 | 000,457,768 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/12/07 17:12:22 | 000,134,184 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/12/07 17:12:22 | 000,068,648 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/12/07 17:12:22 | 000,030,248 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/12/07 17:12:22 | 000,024,616 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/12/07 17:12:20 | 000,740,392 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/12/07 17:12:20 | 000,392,232 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/12/07 17:12:20 | 000,232,488 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/12/07 17:12:20 | 000,105,512 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/12/07 17:12:20 | 000,101,416 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll

========== Files Created - No Company Name ==========

[2011/12/15 11:25:25 | 002,301,538 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/12/15 11:24:53 | 000,001,786 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/12/14 11:43:19 | 000,329,728 | ---- | C] () -- C:\Users\rhizogen\AppData\Local\xax.exe
[2011/12/14 11:43:19 | 000,010,092 | -HS- | C] () -- C:\Users\rhizogen\AppData\Local\207852c7x280j712u053h5fiw4h1
[2011/12/14 11:43:19 | 000,010,092 | -HS- | C] () -- C:\ProgramData\207852c7x280j712u053h5fiw4h1
[2011/03/09 09:41:11 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/03/09 09:39:30 | 000,000,308 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/03/09 09:39:30 | 000,000,163 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/03/09 09:39:30 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7840w.dat
[2011/03/09 09:36:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011/03/09 09:36:46 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011/03/09 09:36:42 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/03/09 09:36:42 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/03/09 09:36:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/03/09 08:18:31 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/03/12 10:21:52 | 000,000,031 | ---- | C] () -- C:\Windows\System32\RPCS.ini
[2010/03/02 15:05:22 | 000,000,080 | ---- | C] () -- C:\Windows\ricdb.ini
[2010/02/04 12:00:56 | 000,145,568 | ---- | C] () -- C:\Windows\hppins08.dat
[2010/02/04 12:00:56 | 000,001,116 | ---- | C] () -- C:\Windows\hppmdl08.dat
[2010/02/04 12:00:49 | 000,000,685 | ---- | C] () -- C:\Windows\System32\hppapr08.dat
[2010/01/28 16:29:04 | 000,127,266 | ---- | C] () -- C:\Windows\hpwins21.dat.temp
[2010/01/28 16:29:04 | 000,000,428 | ---- | C] () -- C:\Windows\hpwmdl21.dat.temp
[2010/01/28 15:28:28 | 000,127,410 | ---- | C] () -- C:\Windows\hpwins21.dat
[2010/01/28 15:28:17 | 000,000,428 | ---- | C] () -- C:\Windows\hpwmdl21.dat
[2010/01/25 09:48:13 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/09/23 23:00:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/23 23:00:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/23 22:59:17 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/08/03 11:14:12 | 000,116,837 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/07/20 12:31:55 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/03/04 10:34:29 | 000,000,187 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2009/03/04 10:33:30 | 000,000,719 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2009/03/04 10:32:36 | 000,153,577 | ---- | C] () -- C:\Windows\hppins08.dat.temp
[2009/03/04 10:32:36 | 000,001,116 | ---- | C] () -- C:\Windows\hppmdl08.dat.temp
[2009/03/04 10:12:50 | 000,023,552 | ---- | C] () -- C:\Users\rhizogen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/03 11:24:07 | 000,081,920 | ---- | C] () -- C:\Windows\System32\pwbsp.dll
[2009/03/03 11:24:07 | 000,073,728 | ---- | C] () -- C:\Windows\System32\bioapi_dummy100.dll
[2009/03/03 11:24:06 | 000,131,072 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2009/03/03 11:24:06 | 000,094,208 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2009/03/03 11:23:23 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ATRauthentec.dll
[2009/02/17 08:00:43 | 000,001,757 | ---- | C] () -- C:\Windows\ads.ini
[2009/02/17 07:59:45 | 000,000,158 | ---- | C] () -- C:\Windows\FUS.INI
[2009/02/12 17:02:01 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2009/02/12 16:58:23 | 000,153,507 | ---- | C] () -- C:\Windows\System32\hppins08.dat
[2009/02/12 15:45:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/06 00:56:12 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/02/06 00:56:12 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/02/06 00:56:12 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/02/06 00:56:12 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/02/06 00:56:12 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/02/06 00:56:12 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/02/06 00:47:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/02/06 00:34:35 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/02/06 00:34:35 | 000,166,450 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/02/06 00:34:35 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/02/06 00:34:35 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/06 00:34:35 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[2006/11/02 06:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:43 | 000,499,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/06 09:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AMV_DecDLL.dll

========== LOP Check ==========

[2009/03/17 17:33:24 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\Autodesk
[2011/03/24 13:28:33 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\Blackberry Desktop
[2009/03/05 08:46:30 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/17 16:34:56 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\InterVideo
[2009/06/16 12:47:12 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\Netscape
[2011/04/25 15:33:48 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\PC-FAX TX
[2010/11/30 09:26:04 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\Research In Motion
[2011/03/24 13:48:06 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\ScanSoft
[2011/12/13 17:11:42 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\Smilebox
[2011/12/14 15:19:26 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your antivirus software when downloading or running ComboFix. If it has script-blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your taskbar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your drive light. If it is flashing, ComboFix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click it and select Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

Change the AV scan to None.
Uncheck Trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button, not the FixMBR button, is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box by highlighting it and pressing Ctrl + C.

:processes
killallprocesses

:OTL
[2011/12/14 11:43:19 | 000,329,728 | ---- | C] () -- C:\Users\rhizogen\AppData\Local\xax.exe
[2011/12/14 11:43:19 | 000,010,092 | -HS- | C] () -- C:\Users\rhizogen\AppData\Local\207852c7x280j712u053h5fiw4h1
[2011/12/14 11:43:19 | 000,010,092 | -HS- | C] () -- C:\ProgramData\207852c7x280j712u053h5fiw4h1

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Users\rhizogen\AppData\Local\*.exe
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\windsock2.reg /c
    
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, then click the RUN FIX button (NOT the QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then click Run Scan.

You should get two logs. Please copy and paste both of them.

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach the screenshot to your reply. Make sure that the column with the partition size is visible.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Ron
  • 0
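The OTL fix in the post above targets three kinds of artefact that this rogue leaves behind: an executable dropped straight into the user's AppData\Local root, hidden+system data files with machine-generated names in AppData\Local and ProgramData, and (seen later in the ComboFix log) a random-named executable with no company name in System32. The following Python script is an added example and is not part of the thread, of OTL or of any tool mentioned here; it parses OTL-format entry lines and applies those same heuristics as a first triage pass. The sample log text is constructed from entries that appear in this thread, the reference date and 30-day window are assumptions mirroring the "File Age = 30 Days" setting OTL reports, and the attribute flag positions (R, H, S, D) are read from the `-HS-` / `---D` columns as they appear in the logs.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file/folder entry, e.g.
# [2011/12/14 11:43:19 | 000,010,092 | -HS- | C] () -- C:\ProgramData\207852c7x280j712u053h5fiw4h1
# The 4-char attribute column is positional: R(ead-only) H(idden) S(ystem) D(irectory).
# The "(Company)" field is optional because LOP-check entries omit it.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".sys", ".com"}

# Constructed sample (assumption): entries taken from this thread, rendered in OTL format,
# plus benign system files so the rules have something to leave alone.
SAMPLE_LOG = r"""
[2011/12/14 11:43:19 | 000,329,728 | ---- | C] () -- C:\Users\rhizogen\AppData\Local\xax.exe
[2011/12/14 11:43:19 | 000,010,092 | -HS- | C] () -- C:\Users\rhizogen\AppData\Local\207852c7x280j712u053h5fiw4h1
[2011/12/14 11:43:19 | 000,010,092 | -HS- | C] () -- C:\ProgramData\207852c7x280j712u053h5fiw4h1
[2011/12/16 13:04:00 | 000,036,352 | ---- | C] () -- C:\Windows\System32\iN8RG.exe
[2009/02/06 00:34:35 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2006/11/02 04:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2011/03/24 13:28:33 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\Blackberry Desktop
[2011/12/14 15:19:26 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
"""

# Assumed reference point: end of the day the ComboFix run in this thread took place.
REFERENCE = datetime(2011, 12, 16, 23, 59)


@dataclass
class Entry:
    ts: datetime
    size: int
    hidden: bool
    system: bool
    directory: bool
    company: str
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL entry line; returns None for headers, blanks and other line formats."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return Entry(
        ts=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        directory=attrs[3] == "D",
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def looks_random(name: str) -> bool:
    """Crude machine-generated-name test: alphanumeric only, mixing letters and digits."""
    return (
        re.fullmatch(r"[A-Za-z0-9]{5,}", name) is not None
        and any(c.isdigit() for c in name)
        and any(c.isalpha() for c in name)
    )


def classify(e: Entry) -> Optional[str]:
    """Return a reason string if the entry matches one of the rogue-AV indicators, else None."""
    if e.directory:
        return None
    parent = ntpath.dirname(e.path).lower()
    stem, ext = ntpath.splitext(ntpath.basename(e.path))
    ext = ext.lower()
    in_profile_root = parent.endswith("\\appdata\\local") or parent == "c:\\programdata"
    if in_profile_root and ext in EXECUTABLE_EXTS:
        return "executable dropped directly in a user-writable profile root"
    if e.hidden and e.system and ext == "" and looks_random(stem):
        return "hidden+system file with machine-generated name (rogue AV data store)"
    if parent.endswith("\\windows\\system32") and ext == ".exe" and not e.company and looks_random(stem):
        return "executable in System32 with no company name and random-looking name"
    return None


def triage(log_text: str, reference: datetime, max_age_days: int = 30) -> List[Tuple[str, str]]:
    """Run classify() over every entry dated within max_age_days before `reference`."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        age = reference - e.ts
        if age.days < 0 or age.days > max_age_days:
            continue  # old files are outside the infection window OTL itself uses
        reason = classify(e)
        if reason:
            findings.append((e.path, reason))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG, REFERENCE):
        print(f"{path}\n    -> {reason}")
```

The rules are deliberately narrow: they point a human at the handful of entries worth a second look, in the same way the expert's fix script singles out those paths, rather than deciding on their own what to delete.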

#3
Kristi2565

Kristi2565

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Completed ComboFix. Here is the output. Moving on to the next step. Thanks.

ComboFix 11-12-16.02 - rhizogen 12/16/2011 13:13:44.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1791.882 [GMT -6:00]
Running from: c:\users\rhizogen\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\2.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\2.bin\F3PLUGIN.DLL
c:\program files\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\users\rhizogen\AppData\Local\xax.exe
c:\users\rhizogen\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Installations\BMP
c:\windows\Downloaded Installations\BMP\{362BF8E2-5FC3-45A8-A9C3-789628F23390}\1033.MST
c:\windows\Downloaded Installations\BMP\{362BF8E2-5FC3-45A8-A9C3-789628F23390}\BMP.msi
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-16 19:20 . 2011-12-16 19:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-16 15:06 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-16 13:04 . 2011-12-16 13:04 36352 ----a-w- c:\windows\system32\iN8RG.exe
2011-12-15 17:23 . 2011-12-15 17:46 -------- d-----w- c:\windows\system32\sdtmp
2011-12-15 04:05 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 04:05 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 04:04 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 04:03 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 04:03 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 04:01 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 04:01 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-13 08:10 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BB067C9-E1A7-46CA-BF50-F87E60497AB4}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 11:49 . 2011-03-09 19:59 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-07 11:49 . 2011-03-09 19:59 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-10-07 11:49 . 2011-03-09 19:59 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-07 11:49 . 2011-03-09 19:59 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-09-20 21:02 . 2011-11-09 11:52 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SmileboxTray"="c:\users\rhizogen\AppData\Roaming\Smilebox\SmileboxTray.exe" [2011-12-01 313160]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"SetRefresh"="c:\program files\HP\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-07-11 73728]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2008-02-22 44168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Attendance Rx.lnk - c:\program files\Acroprint\Attendance Rx\AttendanceRx.exe [2009-3-3 5742592]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2007-07-16 20504]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-10-07 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-09-17 180736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=all&pf=cmdt
IE: Add to AVI Video Converter... - c:\program files\Media Player Utilities 4.29\AMVConverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{25108261-8D72-49CC-80B9-4C97455452C0}: NameServer = 68.28.186.91,68.28.178.91
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\users\rhizogen\AppData\Roaming\Mozilla\Firefox\Profiles\6zgw1gw8.default\
FF - prefs.js: browser.search.selectedEngine - Inbox Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80179&language=en&qkw=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-16 13:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-16 13:23:24
ComboFix-quarantined-files.txt 2011-12-16 19:23
.
Pre-Run: 94,738,669,568 bytes free
Post-Run: 95,112,884,224 bytes free
.
- - End Of File - - 29532556D08913DDC57C4F627D8BE502
  • 0

#4
Kristi2565

Kristi2565

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Fix button NOT enabled.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-16 14:20:47
-----------------------------
14:20:47.598 OS Version: Windows 6.0.6002 Service Pack 2
14:20:47.598 Number of processors: 2 586 0x6B02
14:20:47.598 ComputerName: TRP-FEB09 UserName: rhizogen
14:20:48.378 Initialze error 0
14:41:27.656 AVAST engine defs: 11121601
15:02:24.049 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:02:24.049 Disk 0 Vendor: Hitachi_HDP725016GLA380 GMBOA5KA Size: 152627MB BusType: 3
15:02:26.061 Disk 0 MBR read successfully
15:02:26.061 Disk 0 MBR scan
15:02:26.061 Disk 0 Windows VISTA default MBR code
15:02:26.061 Disk 0 scanning sectors +312578048
15:02:26.092 Disk 0 scanning C:\Windows\system32\drivers
15:02:26.092 Service scanning
15:02:27.403 Modules scanning
15:02:27.824 Scan finished successfully
15:03:01.551 Disk 0 MBR has been saved successfully to "C:\Users\rhizogen\Desktop\MBR.dat"
15:03:01.551 The log file has been saved successfully to "C:\Users\rhizogen\Desktop\aswMBR.txt"
  • 0

#5
Kristi2565

Kristi2565

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Malwarebytes log output

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8382

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

12/16/2011 3:22:12 PM
mbam-log-2011-12-16 (15-22-12).txt

Scan type: Quick scan
Objects scanned: 166499
Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\rhizogen\AppData\Local\xax.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\rhizogen\documents\downloads\codec-c (94).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
c:\Users\rhizogen\documents\downloads\loaderav_2004-2_rs5(2).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\rhizogen\documents\downloads\loaderav_2004-2_rs5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\rhizogen\documents\downloads\popularscreensavers(2).exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\Users\rhizogen\documents\downloads\popularscreensavers.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\windows\System32\iN8RG.exe (Trojan.Email) -> Quarantined and deleted successfully.
c:\Users\rhizogen\downloads\myfuncards.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
  • 0
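The Hijack.StartMenuInternet item in the log above shows the mechanism: the `safemode` verb under HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell no longer launches firefox.exe directly, but launches xax.exe with the real firefox.exe path pushed into its arguments, so every attempt to start Firefox runs the rogue first. The script below is an added example, not part of the thread or of Malwarebytes; it checks such command values by splitting them the way a Windows shell would (quoted paths with spaces stay one argument) and verifying that the program actually started is the expected browser binary. The sample command strings are constructed from the Bad and Good values Malwarebytes printed; the `open` verb value is an assumption added to show a clean entry.

```python
import ntpath
from typing import Dict, List, NamedTuple, Optional


def split_windows_cmdline(cmd: str) -> List[str]:
    """Split a registry command value into arguments.

    Simplified Windows rules: double quotes group an argument that may contain
    spaces; backslashes are literal because here they are path separators.
    """
    args: List[str] = []
    cur: List[str] = []
    in_quotes = False
    pending = False  # an argument has started (so an empty "" still counts)
    for ch in cmd:
        if ch == '"':
            in_quotes = not in_quotes
            pending = True
        elif ch.isspace() and not in_quotes:
            if pending:
                args.append("".join(cur))
                cur, pending = [], False
        else:
            cur.append(ch)
            pending = True
    if pending:
        args.append("".join(cur))
    return args


class Verdict(NamedTuple):
    hijacked: bool
    launcher: str                 # basename of the program the command really starts
    real_browser: Optional[str]   # genuine browser path if it was pushed into the arguments


def check_browser_command(command: str, expected_exe: str) -> Verdict:
    """Flag a command whose argv[0] is not the expected browser executable."""
    argv = split_windows_cmdline(command)
    if not argv:
        return Verdict(True, "", None)
    want = expected_exe.lower()
    launcher = ntpath.basename(argv[0]).lower()
    if launcher == want:
        return Verdict(False, launcher, None)
    # Interposer pattern: the real browser appears further down the argument list.
    real = next((a for a in argv[1:] if ntpath.basename(a).lower() == want), None)
    return Verdict(True, launcher, real)


def audit_start_menu_internet(commands: Dict[str, str], expected_exe: str) -> Dict[str, Verdict]:
    """Check every shell\\<verb>\\command value collected for one StartMenuInternet client."""
    return {verb: check_browser_command(cmd, expected_exe) for verb, cmd in commands.items()}


# Constructed sample: the values from the Malwarebytes log above plus an assumed clean 'open' verb.
SAMPLE_FIREFOX_COMMANDS = {
    "open": r'"C:\Program Files\Mozilla Firefox\firefox.exe"',
    "safemode": r'"C:\Users\rhizogen\AppData\Local\xax.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode',
}


if __name__ == "__main__":
    for verb, v in audit_start_menu_internet(SAMPLE_FIREFOX_COMMANDS, "firefox.exe").items():
        state = "HIJACKED" if v.hijacked else "ok"
        print(f"shell\\{verb}\\command: {state} (launches {v.launcher!r}, real browser: {v.real_browser})")
```

Comparing only the basename is intentional: the legitimate value may be a bare `firefox.exe` or a full quoted path, and the point of the check is who runs first, not where the binary lives.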

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
Have you got a final OTL Quickscan for me?
  • 0

#7
Kristi2565

Kristi2565

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
After running Malwarebytes I have been unable to boot except in safe mode.
  • 0

#8
Kristi2565

Kristi2565

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Copied fixes to a flash drive to move to infected machine. Still unable to boot except in safe mode. Not sure what to do next.
  • 0

#9
Kristi2565

Kristi2565

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Here is the screenshot. What's our next step?
  • 0

#10
Kristi2565

Kristi2565

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Here, let me try again.

Attached Thumbnails

  • Screenshot.JPG

  • 0



#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
OTL, Quickscan log?

TDSSKiller log?

Run Combofix again and post the new log.
  • 0

#12
Kristi2565

Kristi2565

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
OK. Here we go.

Here is the OTL Quick Scan log run this morning.

OTL logfile created on: 12/20/2011 7:51:12 AM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\rhizogen\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 78.97% Memory free
3.74 Gb Paging File | 3.52 Gb Available in Paging File | 94.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 133.04 Gb Total Space | 89.95 Gb Free Space | 67.61% Space Free | Partition Type: NTFS
Drive D: | 14.05 Gb Total Space | 7.38 Gb Free Space | 52.54% Space Free | Partition Type: NTFS
Drive E: | 1.96 Gb Total Space | 1.75 Gb Free Space | 89.13% Space Free | Partition Type: NTFS

Computer Name: TRP-FEB09 | User Name: rhizogen | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/15 14:34:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\rhizogen\Downloads\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011/10/07 05:49:23 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/10/07 05:49:08 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/08 11:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/02/06 00:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 05:49:11 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/09/17 14:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 14:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2009/04/10 22:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/03/24 16:14:50 | 003,520,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/20 20:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/12/03 05:19:08 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/11/26 15:31:04 | 000,074,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2007/07/16 15:29:43 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007/07/16 15:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007/06/29 16:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006/11/02 03:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/30 04:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\atipcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...&bd=all&pf=cmdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Inbox Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://toolbar.inbox...nguage=en&qkw="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/25 08:41:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/14 15:30:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/14 15:30:32 | 000,000,000 | ---D | M]

[2010/05/27 08:25:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rhizogen\AppData\Roaming\mozilla\Extensions
[2011/12/14 11:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rhizogen\AppData\Roaming\mozilla\Firefox\Profiles\6zgw1gw8.default\extensions
[2010/06/07 06:35:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\rhizogen\AppData\Roaming\mozilla\Firefox\Profiles\6zgw1gw8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/20 14:07:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\rhizogen\AppData\Roaming\mozilla\Firefox\Profiles\6zgw1gw8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/20 14:07:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/20 14:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/25 08:41:17 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/04/20 14:06:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2011/12/16 13:20:34 | 000,000,027 | ---- | M]) - C:\windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.exe (ali)
O4 - HKCU..\Run: [SmileboxTray] C:\Users\rhizogen\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to AVI Video Converter... - C:\Program Files\Media Player Utilities 4.29\AMVConverter\grab.html ()
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink...geUploader5.cab (Image Uploader Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25108261-8D72-49CC-80B9-4C97455452C0}: NameServer = 68.28.186.91,68.28.178.91
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/19 12:36:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/19 11:54:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/19 11:45:50 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/19 09:07:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/16 15:14:13 | 000,000,000 | ---D | C] -- C:\Users\rhizogen\AppData\Roaming\Malwarebytes
[2011/12/16 15:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/16 15:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/16 15:14:01 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/16 15:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/16 15:08:46 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\rhizogen\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/16 14:20:05 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\rhizogen\Desktop\aswMBR.exe
[2011/12/16 14:17:54 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\rhizogen\Desktop\tdsskiller.exe
[2011/12/16 09:14:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/16 09:00:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/16 09:00:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/16 09:00:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/16 09:00:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/16 09:00:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/15 11:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/12/15 11:23:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\sdtmp

========== Files - Modified Within 30 Days ==========

[2011/12/19 13:59:57 | 000,606,420 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/19 13:59:57 | 000,104,430 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/19 13:55:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/19 12:37:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/19 12:37:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/19 09:43:53 | 000,000,680 | ---- | M] () -- C:\Users\rhizogen\AppData\Local\d3d9caps.dat
[2011/12/19 09:07:30 | 000,132,442 | ---- | M] () -- C:\Users\rhizogen\Desktop\windsock2.reg
[2011/12/16 15:14:04 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/16 15:12:03 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\rhizogen\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/16 15:03:01 | 000,000,512 | ---- | M] () -- C:\Users\rhizogen\Desktop\MBR.dat
[2011/12/16 14:20:34 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\rhizogen\Desktop\aswMBR.exe
[2011/12/16 14:17:54 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\rhizogen\Desktop\tdsskiller.exe
[2011/12/16 13:20:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/16 09:21:45 | 000,000,864 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2011/12/16 09:21:44 | 000,001,488 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/12/16 07:04:18 | 000,000,000 | ---- | M] () -- C:\ProgramData\856cIb85.dat
[2011/12/15 13:30:59 | 000,499,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/15 11:27:05 | 002,301,538 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/12/14 16:08:16 | 000,002,633 | ---- | M] () -- C:\Users\rhizogen\Desktop\Microsoft Office Outlook 2007.lnk
[2011/12/14 09:04:03 | 000,002,619 | ---- | M] () -- C:\Users\rhizogen\Desktop\Microsoft Office Groove 2007.lnk
[2011/12/13 15:11:07 | 000,002,627 | ---- | M] () -- C:\Users\rhizogen\Desktop\Microsoft Office Word 2007.lnk

========== Files Created - No Company Name ==========

[2011/12/19 09:07:30 | 000,132,442 | ---- | C] () -- C:\Users\rhizogen\Desktop\windsock2.reg
[2011/12/16 15:59:14 | 000,000,680 | ---- | C] () -- C:\Users\rhizogen\AppData\Local\d3d9caps.dat
[2011/12/16 15:14:04 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/16 15:03:01 | 000,000,512 | ---- | C] () -- C:\Users\rhizogen\Desktop\MBR.dat
[2011/12/16 09:21:13 | 000,000,864 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2011/12/16 09:18:17 | 000,001,488 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/12/16 09:00:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/16 09:00:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/16 09:00:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/16 09:00:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/16 09:00:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/16 07:04:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\856cIb85.dat
[2011/12/15 11:25:25 | 002,301,538 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/03/09 09:41:11 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/03/09 09:39:30 | 000,000,308 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/03/09 09:39:30 | 000,000,163 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/03/09 09:39:30 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7840w.dat
[2011/03/09 09:36:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011/03/09 09:36:46 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011/03/09 09:36:42 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/03/09 09:36:42 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/03/09 09:36:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/03/09 08:18:31 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/03/12 10:21:52 | 000,000,031 | ---- | C] () -- C:\Windows\System32\RPCS.ini
[2010/03/02 15:05:22 | 000,000,080 | ---- | C] () -- C:\Windows\ricdb.ini
[2010/02/04 12:00:56 | 000,145,568 | ---- | C] () -- C:\Windows\hppins08.dat
[2010/02/04 12:00:56 | 000,001,116 | ---- | C] () -- C:\Windows\hppmdl08.dat
[2010/02/04 12:00:49 | 000,000,685 | ---- | C] () -- C:\Windows\System32\hppapr08.dat
[2010/01/28 16:29:04 | 000,127,266 | ---- | C] () -- C:\Windows\hpwins21.dat.temp
[2010/01/28 16:29:04 | 000,000,428 | ---- | C] () -- C:\Windows\hpwmdl21.dat.temp
[2010/01/28 15:28:28 | 000,127,410 | ---- | C] () -- C:\Windows\hpwins21.dat
[2010/01/28 15:28:17 | 000,000,428 | ---- | C] () -- C:\Windows\hpwmdl21.dat
[2010/01/25 09:48:13 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/09/23 23:00:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/23 23:00:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/23 22:59:17 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/08/03 11:14:12 | 000,116,837 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/07/20 12:31:55 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/03/04 10:34:29 | 000,000,187 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2009/03/04 10:33:30 | 000,000,719 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2009/03/04 10:32:36 | 000,153,577 | ---- | C] () -- C:\Windows\hppins08.dat.temp
[2009/03/04 10:32:36 | 000,001,116 | ---- | C] () -- C:\Windows\hppmdl08.dat.temp
[2009/03/04 10:12:50 | 000,023,552 | ---- | C] () -- C:\Users\rhizogen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/03 11:24:07 | 000,081,920 | ---- | C] () -- C:\Windows\System32\pwbsp.dll
[2009/03/03 11:24:07 | 000,073,728 | ---- | C] () -- C:\Windows\System32\bioapi_dummy100.dll
[2009/03/03 11:24:06 | 000,131,072 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2009/03/03 11:24:06 | 000,094,208 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2009/03/03 11:23:23 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ATRauthentec.dll
[2009/02/17 08:00:43 | 000,001,757 | ---- | C] () -- C:\Windows\ads.ini
[2009/02/17 07:59:45 | 000,000,158 | ---- | C] () -- C:\Windows\FUS.INI
[2009/02/12 17:02:01 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2009/02/12 16:58:23 | 000,153,507 | ---- | C] () -- C:\Windows\System32\hppins08.dat
[2009/02/12 15:45:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/06 00:56:12 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/02/06 00:56:12 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/02/06 00:56:12 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/02/06 00:56:12 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/02/06 00:56:12 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/02/06 00:56:12 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/02/06 00:47:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/02/06 00:34:35 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/02/06 00:34:35 | 000,166,450 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/02/06 00:34:35 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/02/06 00:34:35 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/06 00:34:35 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[2006/11/02 06:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:43 | 000,499,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:33:01 | 000,606,420 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,104,430 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/06 09:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AMV_DecDLL.dll

========== LOP Check ==========

[2009/03/17 17:33:24 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\Autodesk
[2011/03/24 13:28:33 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\Blackberry Desktop
[2009/03/05 08:46:30 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/17 16:34:56 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\InterVideo
[2009/06/16 12:47:12 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\Netscape
[2011/04/25 15:33:48 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\PC-FAX TX
[2010/11/30 09:26:04 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\Research In Motion
[2011/03/24 13:48:06 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\ScanSoft
[2011/12/13 17:11:42 | 000,000,000 | ---D | M] -- C:\Users\rhizogen\AppData\Roaming\Smilebox
[2011/12/16 15:29:39 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
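The OTL log above reports the load points a rogue antivirus of this kind tampers with: the hosts file (O1), per-interface DNS (O17), the Winlogon Shell/Userinit values (O20), the .exe/.com handlers (O35/O37) and the Run keys (O4), all at their Vista defaults in this run. As an added example, not OTL's, ComboFix's or the thread's own code, the PowerShell script below re-reads those same points and prints only what deviates from the defaults, so the "fake registry key to fool bug" can be found without waiting on a full log. It assumes PowerShell 2.0 or later in an elevated (Run as Administrator) console; the check of HKCU\Software\Classes\.exe for a per-user override is added here because that is where this family of rogues hides its handler, which OTL's HKCR view does not show.

```powershell
# Added example (not OTL/ComboFix output): audit the O1/O4/O17/O20/O35/O37 load points
# against their Vista defaults. Assumes PowerShell 2.0+ in an elevated console.

function Get-RegValue {
    param([string]$Path, [string]$Name)   # $Name may be '(default)'
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($props -eq $null) { return $null }
    $p = $props.PSObject.Properties[$Name]
    if ($p) { return $p.Value } else { return $null }
}

function Test-Expected {
    param([string]$Label, [string]$Path, [string]$Name, [string]$Expected)
    $actual = Get-RegValue -Path $Path -Name $Name
    if ($actual -eq $null) { return "$Label : MISSING  $Path [$Name]" }
    # Case-insensitive compare; the trailing comma on Userinit is part of the default.
    if ($actual.ToString().TrimEnd(',') -ine $Expected.TrimEnd(',')) {
        return "$Label : CHANGED  $Path [$Name] = '$actual' (expected '$Expected')"
    }
    return $null
}

function Invoke-LoadPointAudit {
    $findings = @()
    $sysroot  = $env:SystemRoot

    # O35/O37 and O20: a rogue AV rewrites the .exe handler so every program launches it first;
    # a changed Shell or Userinit is a persistence hook that survives the user's own cleanup.
    $checks = @(
        @{ L='O35 exefile';  P='Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'; N='(default)'; E='"%1" %*' },
        @{ L='O35 comfile';  P='Registry::HKEY_CLASSES_ROOT\comfile\shell\open\command'; N='(default)'; E='"%1" %*' },
        @{ L='O37 .exe';     P='Registry::HKEY_CLASSES_ROOT\.exe'; N='(default)'; E='exefile' },
        @{ L='O37 .com';     P='Registry::HKEY_CLASSES_ROOT\.com'; N='(default)'; E='ComFile' },
        @{ L='O20 Shell';    P='HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; N='Shell';    E='explorer.exe' },
        @{ L='O20 Userinit'; P='HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; N='Userinit'; E="$sysroot\system32\userinit.exe," }
    )
    foreach ($c in $checks) {
        $r = Test-Expected -Label $c.L -Path $c.P -Name $c.N -Expected $c.E
        if ($r) { $findings += $r }
    }

    # A per-user class under HKCU\Software\Classes overrides HKCR for that user. Windows does not
    # create .exe/exefile there, so their mere presence is worth a look (assumption: treat as suspect).
    foreach ($k in '.exe', 'exefile') {
        $path = "HKCU:\Software\Classes\$k"
        if (Test-Path $path) {
            $findings += "O35/O37 per-user override present: $path = '" + (Get-RegValue -Path $path -Name '(default)') + "'"
        }
    }

    # O1: anything in hosts beyond the localhost lines (AV and update sites are the usual targets).
    $hosts = Join-Path $sysroot 'System32\drivers\etc\hosts'
    if (Test-Path $hosts) {
        Get-Content $hosts |
            Where-Object { $_ -match '^\s*[^#\s]' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
            ForEach-Object { $findings += "O1 hosts entry: $_" }
    }

    # O17: static per-interface DNS servers. Listed for manual review; no default to compare against.
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces' | ForEach-Object {
        $ns = Get-RegValue -Path $_.PSPath -Name 'NameServer'
        if ($ns) { $findings += "O17 NameServer on $($_.PSChildName): $ns" }
    }

    # O4: Run/RunOnce images that live in user-writable locations (where rogues install themselves).
    $suspectRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP) | Where-Object { $_ }
    $meta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props -eq $null) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($meta -contains $p.Name) { continue }
            $cmd = [string]$p.Value
            foreach ($root in $suspectRoots) {
                if ($cmd -like "*$root*") { $findings += "O4 $key [$($p.Name)] runs from user-writable path: $cmd"; break }
            }
        }
    }
    return ,$findings   # unary comma keeps an empty array from collapsing to $null
}

$results = Invoke-LoadPointAudit
if (@($results).Count -eq 0) { 'No deviations from the Vista defaults found.' } else { $results }
```

Run from an elevated console as the affected user, since the HKCU checks read that user's hive. On the log above the O4 check would list SmileboxTray (it runs from AppData\Roaming), which is why the O4 output is a review list and not a verdict.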

#13 Kristi2565 (Topic Starter)
Ran TDSSKiller. No threats found. No report found.

Edited by Kristi2565, 20 December 2011 - 08:10 AM.


#14 Kristi2565 (Topic Starter)
Here is the ComboFix log, also run this morning.

ComboFix 11-12-16.02 - rhizogen 12/20/2011 8:03.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1791.1242 [GMT -6:00]
Running from: c:\users\rhizogen\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-20 14:08 . 2011-12-20 14:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-19 15:07 . 2011-12-19 15:07 -------- d-----w- C:\_OTL
2011-12-16 21:14 . 2011-12-16 21:14 -------- d-----w- c:\users\rhizogen\AppData\Roaming\Malwarebytes
2011-12-16 21:14 . 2011-12-16 21:14 -------- d-----w- c:\programdata\Malwarebytes
2011-12-16 21:14 . 2011-12-16 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-16 21:14 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-16 15:06 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-15 17:23 . 2011-12-15 17:46 -------- d-----w- c:\windows\system32\sdtmp
2011-12-15 04:05 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 04:05 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 04:04 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 04:03 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 04:03 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 04:01 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 04:01 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-13 08:10 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BB067C9-E1A7-46CA-BF50-F87E60497AB4}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 11:49 . 2011-03-09 19:59 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-07 11:49 . 2011-03-09 19:59 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-10-07 11:49 . 2011-03-09 19:59 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-07 11:49 . 2011-03-09 19:59 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SmileboxTray"="c:\users\rhizogen\AppData\Roaming\Smilebox\SmileboxTray.exe" [2011-12-01 313160]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"SetRefresh"="c:\program files\HP\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-07-11 73728]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2008-02-22 44168]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Attendance Rx.lnk - c:\program files\Acroprint\Attendance Rx\AttendanceRx.exe [2009-3-3 5742592]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 ebxeq;ebxeq;c:\windows\System32\drivers\bofntmc.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-10-07 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2007-07-16 20504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-09-17 180736]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 01203195
*Deregistered* - 01203195
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=all&pf=cmdt
IE: Add to AVI Video Converter... - c:\program files\Media Player Utilities 4.29\AMVConverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{25108261-8D72-49CC-80B9-4C97455452C0}: NameServer = 68.28.186.91,68.28.178.91
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\users\rhizogen\AppData\Roaming\Mozilla\Firefox\Profiles\6zgw1gw8.default\
FF - prefs.js: browser.search.selectedEngine - Inbox Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80179&language=en&qkw=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-20 08:09
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-20 08:11:10
ComboFix-quarantined-files.txt 2011-12-20 14:11
ComboFix2.txt 2011-12-19 17:55
ComboFix3.txt 2011-12-16 19:23
.
Pre-Run: 96,557,330,432 bytes free
Post-Run: 96,530,624,512 bytes free
.
- - End Of File - - E19EE58887D849FDC9CC5DD4F987B7DA

#15 RKinner (Malware Expert, MVP)
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\System32\drivers\bofntmc.sys
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

Driver::
ebxeq
McComponentHostService


******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to ComboFix and let go. ComboFix should start on its own.

Post the new log.


Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

cd  \windows\logs\cbs

copy  cbs.log  cbs.old

del  cbs.log

sfc  /scannow

findstr  /c:"[SR]"  cbs.log  >  junk.txt 




Attach the file \windows\logs\cbs\junk.txt to your next reply.
This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD, just tell it to SKIP or Continue.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

5. Click the radio button for 'Number of events'.
6. Type 20 in the 1 to 20 box.
7. Click the Run button.
Notepad will open with the output log.

Please post the output log in your next reply, then repeat but select Application.

Ron
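The SFC and Event Viewer steps in Ron's reply above, as one added example that is neither his instructions verbatim nor the VEW tool: the script rotates cbs.log, runs sfc /scannow, pulls the [SR] lines into junk.txt exactly as the findstr command does, and then writes the 20 newest Error and Warning events from System and Application, which is what VEW is asked to list. It assumes an elevated PowerShell 2.0 or later console on this 32-bit Vista machine; the report folder (the Desktop) is an arbitrary choice.

```powershell
# Added example (not from the reply or VEW): SFC [SR] extract plus VEW-style event export.
# Assumes an elevated PowerShell 2.0+ console on 32-bit Vista; $ReportDir is arbitrary.
param([string]$ReportDir = (Join-Path $env:USERPROFILE 'Desktop'))

function Invoke-SfcReport {
    # Same sequence as the reply: copy cbs.log to cbs.old, delete it so the [SR] lines come only
    # from this scan, run sfc /scannow, then filter cbs.log for "[SR]" into junk.txt.
    $cbsDir = Join-Path $env:SystemRoot 'Logs\CBS'
    $log    = Join-Path $cbsDir 'cbs.log'
    $junk   = Join-Path $cbsDir 'junk.txt'
    if (Test-Path $log) {
        Copy-Item $log (Join-Path $cbsDir 'cbs.old') -Force
        # TrustedInstaller may still hold the file open. If the delete fails the scan still runs;
        # the extract then also contains older [SR] lines.
        Remove-Item $log -Force -ErrorAction SilentlyContinue
    }
    & (Join-Path $env:SystemRoot 'System32\sfc.exe') /scannow
    # -SimpleMatch keeps "[SR]" literal instead of a regex character class.
    $srLines = @(Select-String -Path $log -SimpleMatch '[SR]' | ForEach-Object { $_.Line })
    $srLines | Set-Content $junk
    # Lines reporting "Cannot repair" are the ones to read first in the attached junk.txt.
    $cannotRepair = @($srLines | Where-Object { $_ -match 'Cannot repair' })
    return New-Object PSObject -Property @{
        Report       = $junk
        SrLineCount  = $srLines.Count
        CannotRepair = $cannotRepair
    }
}

function Export-RecentEvents {
    # Equivalent of VEW with the log selected, types Error + Warning, Number of events = 20.
    param([string]$LogName, [int]$Count = 20)
    $out = Join-Path $ReportDir "VEW-$LogName.txt"
    Get-EventLog -LogName $LogName -EntryType Error, Warning -Newest $Count |
        Select-Object TimeGenerated, EntryType, Source, EventID, Message |
        Format-List | Out-File -FilePath $out -Width 200
    return $out
}

$sfc = Invoke-SfcReport
"SFC wrote $($sfc.SrLineCount) [SR] lines to $($sfc.Report); $($sfc.CannotRepair.Count) entries could not be repaired."
foreach ($name in 'System', 'Application') {
    "Events exported to " + (Export-RecentEvents -LogName $name)
}
```

The log-clearing step that precedes the reboot in the reply is a separate one-liner, `Clear-EventLog -LogName System, Application`, and has to run before the restart so that the events exported here are only those from the disk check and the SFC run. Get-EventLog reads the same classic System and Application logs VEW queries, so the two text files correspond to the two outputs Ron asks for.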