
Cannot connect to internet after Microsoft Essential Cleanup



#16 RKinner (Malware Expert, MVP, 19,799 posts)
Start, (All) Programs, Accessories, Command Prompt (on Vista/Win7, right click on Command Prompt and Run As Admin). Type the following, with an Enter after each line:

sc query netbt

sc query tcpip

sc query afd

Do all three say they are running?

#17 RUSTslash (Topic Starter, Member, 19 posts)
Netbt is the only one that is not running, states that it's stopped.

#18 RKinner (Malware Expert, MVP, 19,799 posts)
I bet you are missing the legacy piece of netbt too. Download and save the attached Legacy_netbt.zip file. Right click on it and Extract All. Right click on the Legacy_netbt.reg file and MERGE.

Reboot.

#19 RUSTslash (Topic Starter, Member, 19 posts)
I couldn't merge legacy_netbt ... "Error accessing the registry".

#20 RUSTslash (Topic Starter, Member, 19 posts)
I'm the only user on this PC and so I have permission for access. In either case, I updated the permissions on the regedit to be safe but no go. I still receive the error message.

#21 RKinner (Malware Expert, MVP, 19,799 posts)
Start, Run, regedit, OK.

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

(Click on the + in front of HKEY_LOCAL_MACHINE, then on the + in front of SYSTEM, then on the + in front of CurrentControlSet, then the + in front of Enum. Click on Root.)

Right click on Root and select Permissions.

Click on Advanced. Click on the Owner tab. Current Owner should be Administrators. If not, click on Administrators in the Change Owner to: box. Check the box about subcontainers. OK.
You should be back at the Permissions window. Click on Administrators. Click on Full Control in the Allow column. OK.
Click on the + in front of Root. If the key LEGACY_NETBT exists, right click on it and Delete.
Close regedit. Reboot.

See if you can now merge the key.

#22 RUSTslash (Topic Starter, Member, 19 posts)
Ok, I was able to merge legacy_netbt.

#23 RKinner (Malware Expert, MVP, 19,799 posts)
sc query netbt

sc query dhcp

Either or both now running?

#24 RUSTslash (Topic Starter, Member, 19 posts)
Neither are running. Both are showing stopped.

#25 RKinner (Malware Expert, MVP, 19,799 posts)
sc start netbt

What error does it give you?

#26 RUSTslash (Topic Starter, Member, 19 posts)
Actually, none! I entered sc start netbt and it shows running. I ran sc query netbt and it now shows running.

So I started dhcp and received "running", entered sc query dhcp and received the "your PC is now connected". WHEW!!!! :o I'm able to access the internet now.

Thank you SO much, Ron, for your assistance and patience (especially with your help over the holiday weekend).
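The query-then-start sequence from posts #16, #23 and #25, collected into one script. This is an added example for the thread, not code from the posts: it wraps the same `sc query` / `sc start` commands (so the live part only works on Windows, from an elevated prompt), while the output parsing and the decision logic are plain Python, exercised here against constructed sample output. The netbt-versus-LEGACY_NETBT hint encodes the hunch from post #18; the start order assumed is the one the thread used.

```python
"""Query and start the services this thread checks with sc.exe.

Added example for this thread; it is not code from the posts. It wraps the
same `sc query` / `sc start` commands the posts use (so the live part only
works on Windows), but the output parsing and the decision logic are plain
Python and are exercised here against constructed sample output.
"""
import re
import subprocess

# Services from posts #16 and #23, in the order the thread started them:
# TCP/IP stack, Winsock driver (afd), NetBIOS over TCP/IP, DHCP client.
SERVICES = ("tcpip", "afd", "netbt", "dhcp")

# sc.exe prints a line such as "        STATE              : 4  RUNNING".
_STATE_RE = re.compile(r"^\s*STATE\s*:\s*(\d+)\s+(\w+)", re.MULTILINE)
# A service that is not installed yields "[SC] ... FAILED 1060:" (Win32
# error 1060, ERROR_SERVICE_DOES_NOT_EXIST).
_FAILED_RE = re.compile(r"FAILED\s+(\d+)")

# Constructed sample output in the shape sc.exe prints on XP; it was not
# captured from the machine in this thread.
SAMPLE_RUNNING = """
SERVICE_NAME: tcpip
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
"""
SAMPLE_STOPPED = """
SERVICE_NAME: netbt
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
"""
SAMPLE_MISSING = """
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.
"""


def parse_sc_query(output: str) -> str:
    """Reduce `sc query <name>` output to one word: RUNNING, STOPPED,
    START_PENDING, ..., MISSING (error 1060) or ERROR <code>."""
    m = _STATE_RE.search(output)
    if m:
        return m.group(2).upper()
    f = _FAILED_RE.search(output)
    if f:
        return "MISSING" if f.group(1) == "1060" else f"ERROR {f.group(1)}"
    return "UNKNOWN"


def plan(states: dict) -> list:
    """Turn a {service: state} map into the actions the thread took."""
    actions = []
    for name in SERVICES:
        state = states.get(name, "UNKNOWN")
        if state == "RUNNING":
            continue
        if state == "MISSING":
            actions.append(f"{name}: not installed; reinstall it before anything else")
        elif state == "STOPPED":
            actions.append(f"sc start {name}")
        else:
            actions.append(f"{name}: state {state}; check the System event log")
    # Post #18's hunch: netbt stopped while tcpip/afd run points at the
    # Enum\Root\LEGACY_NETBT entry rather than at the driver file.
    if states.get("netbt") == "STOPPED" and all(
            states.get(n) == "RUNNING" for n in ("tcpip", "afd")):
        actions.append("netbt stopped while tcpip/afd run: verify "
                       r"HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETBT exists")
    return actions


def sc(*args: str) -> str:
    """Run sc.exe and return its combined stdout/stderr (Windows only)."""
    proc = subprocess.run(["sc", *args], capture_output=True, text=True)
    return proc.stdout + proc.stderr


def check_and_start() -> dict:
    """Query every service, start the stopped ones, re-query, return states."""
    states = {name: parse_sc_query(sc("query", name)) for name in SERVICES}
    for action in plan(states):
        print(action)
        if action.startswith("sc start "):
            print(sc("start", action.split()[-1]))
    return {name: parse_sc_query(sc("query", name)) for name in SERVICES}


if __name__ == "__main__":
    for name, state in check_and_start().items():
        print(f"{name:6} {state}")
```

A MISSING result is the case to stop on: `sc start` cannot help when the service key itself is gone, and that is the situation the ComboFix netbt repair earlier in this thread was addressing.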

#27 RKinner (Malware Expert, MVP, 19,799 posts)
Download OTL from
http://www.geekstogo...timers-list-it/
and save it to your desktop.

Run OTL, select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning
5. Click the radio button for 'Number of events', type 20 in the 1 to 20 box, then click the Run button. Notepad will open with the output log.

Please post the output log in your next reply, then repeat but select Application.

Ron
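Among the lines the OTL log requested above reports are O35 (the progid's shell\open\command value) and O37 (the .exe/.com extension mapping with the command it resolves to). On a clean system both read "%1" %*; any other value means another program is executed first every time an .exe or .com is launched. The checker below is an added example for this thread, not part of the posts or of OTL. It parses those two line types and flags any non-default handler. The sample lines are constructed in OTL's format; the mjb.exe path in them mirrors the entry in the log posted in reply #28, and the field names in the findings are this example's own choice.

```python
"""Flag a hijacked .exe/.com shell open command in an OTL log.

Added example for this thread, not part of the posts or of OTL. O35 lines
carry a progid's shell open command; O37 lines carry the extension's
progid mapping and the resulting open command. Both should be "%1" %*.
"""
import re

DEFAULT_OPEN = '"%1" %*'

# OTL writes  O35 - HKLM\..exefile [open] -- <command>
#         and O37 - HKLM\...exe [@ = exefile] -- <command>
_O35 = re.compile(r'^O35 - (HK\w+)\\\.\.(\w+) \[(\w+)\] -- (.*)$')
_O37 = re.compile(r'^O37 - (HK\w+)\\\.\.\.(\w+) \[@ = (\w+)\] -- (.*)$')

# Constructed sample in OTL's O35/O37 format. The mjb.exe path mirrors the
# entry in the log posted later in this thread; the other lines are defaults.
SAMPLE_OTL = r"""
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\mjb.exe" -a "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\mjb.exe" -a "%1" %*
"""


def audit_shell_open(log_text: str) -> list:
    """Return one finding per O35/O37 line whose command is not "%1" %*.

    Each finding is a dict with the hive, a description of the key, the
    full command and the interposed program (first token of the command).
    """
    findings = []
    for line in log_text.splitlines():
        m = _O35.match(line)
        if m:
            hive, progid, verb, cmd = m.groups()
            key = f"{progid}\\shell\\{verb}\\command"
        else:
            m = _O37.match(line)
            if not m:
                continue
            hive, ext, progid, cmd = m.groups()
            key = f".{ext} -> {progid} open command"
        cmd = cmd.strip()
        if cmd == DEFAULT_OPEN:
            continue
        # OTL quotes paths containing spaces, so prefer the quoted token.
        quoted = re.match(r'"([^"]+)"', cmd)
        findings.append({
            "hive": hive,
            "key": key,
            "command": cmd,
            "interposer": quoted.group(1) if quoted else cmd.split()[0],
        })
    return findings


if __name__ == "__main__":
    for f in audit_shell_open(SAMPLE_OTL):
        print(f"{f['hive']} {f['key']}: runs {f['interposer']} before the target")
```

The interposer path is the file to preserve (and hash) before cleanup, because restoring the default handler will not touch it; the restore itself is the default value of exefile\shell\open\command set back to "%1" %* and the .exe mapping pointed back at exefile. Note that the sample's HKCU exefile entry is still the default, so the hijack here lives only in HKLM.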

#28 RUSTslash (Topic Starter, Member, 19 posts)

OTL Scan


OTL logfile created on: 12/26/2011 11:38:20 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 77.01% Memory free
4.84 Gb Paging File | 4.21 Gb Available in Paging File | 86.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.49 Gb Total Space | 5.81 Gb Free Space | 7.80% Space Free | Partition Type: NTFS
Drive D: | 96.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GABE-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/26 23:35:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/12/07 05:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/10/01 11:14:27 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2011/09/28 18:25:59 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/01/10 17:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 15:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/08/30 08:32:24 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/03/25 20:33:34 | 000,458,865 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/04/14 01:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/17 18:15:30 | 001,732,608 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D8053\Belkinwcui.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/10 08:29:05 | 014,410,024 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2011/12/10 08:28:55 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2011/12/10 08:28:55 | 000,194,344 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2011/12/10 08:28:55 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
MOD - [2011/12/10 08:28:55 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
MOD - [2011/12/07 05:16:28 | 000,411,192 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 05:16:27 | 003,767,864 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 05:14:56 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 05:14:55 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 05:14:53 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/12/07 01:22:33 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
MOD - [2011/01/10 17:25:48 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/01/10 17:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2007/09/10 11:38:32 | 000,200,704 | ---- | M] () -- C:\Program Files\Belkin\F5D8053\BelkinwcuiDLL.dll
MOD - [2007/03/30 00:00:44 | 000,081,920 | ---- | M] () -- C:\Program Files\Belkin\F5D8053\BelkinHWStatus.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/28 18:25:59 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/08 13:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/04/07 16:06:40 | 000,241,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2010/03/25 20:33:34 | 001,643,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/07/28 14:50:36 | 000,517,632 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.00
FF - prefs.js..keyword.URL: "http://zinkwink.com/...wbho&keywords="
FF - prefs.js..network.proxy.type: 0

FF - user.js..keyword.URL: "http://zinkwink.com/...wbho&keywords="
FF - user.js..keyword.enabled: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/08 21:01:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/08 21:01:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/16 08:15:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/25 18:27:32 | 000,000,000 | ---D | M]

[2011/01/26 20:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/12/05 23:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions
[2011/12/05 23:08:38 | 000,000,000 | ---D | M] (WhiteSmoke Bar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
[2011/07/01 16:04:51 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\[email protected]
[2011/04/17 15:16:09 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\[email protected]
[2011/11/16 08:15:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/16 08:15:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 18:25:59 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/08 16:32:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/16 08:15:31 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: DivX HiQ = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_1\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011/12/26 14:27:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin F5D8053 N Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F5D8053\Belkinwcui.exe (Belkin)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E387FAFC-FACF-4C03-9A1F-8C1B7CC918BC}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/26 18:33:48 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/11/07 11:34:14 | 000,000,081 | RH-- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\mjb.exe" -a "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\mjb.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/26 23:35:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/12/26 19:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Legacy_netbt
[2011/12/26 19:24:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/12/26 14:50:48 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/26 14:50:18 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/26 14:48:22 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/12/26 14:38:57 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2011/12/26 14:38:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/26 14:26:34 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netbt.sys
[2011/12/26 14:13:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/26 14:13:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/26 14:13:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/26 14:13:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/26 14:12:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/26 14:11:48 | 004,353,042 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/12/26 14:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\netbt
[2011/12/23 09:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Belkin
[2011/12/23 09:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2011/12/21 13:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Star Wars - The Old Republic
[2011/12/19 14:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
[2011/12/19 14:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/19 13:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/13 14:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
[2011/12/13 14:54:10 | 000,606,544 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Administrator\My Documents\ChromeSetup.exe
[2011/12/09 13:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Personal
[2011/11/27 00:14:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SWTOR
[2011/11/27 00:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\HeroBlade Logs
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/26 23:35:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/12/26 23:01:00 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/12/26 22:59:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1957994488-1606980848-500UA.job
[2011/12/26 20:24:36 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/26 20:24:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/26 19:38:16 | 000,000,528 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Legacy_netbt.zip
[2011/12/26 19:27:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/26 19:16:30 | 000,664,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MicrosoftFixit50562.msi
[2011/12/26 14:59:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1957994488-1606980848-500Core.job
[2011/12/26 14:50:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/26 14:28:44 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/26 14:27:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/26 14:27:46 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/12/26 14:13:16 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2011/12/26 14:07:02 | 004,353,042 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/12/24 09:43:10 | 000,001,879 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\netbt.zip
[2011/12/23 11:19:04 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/23 09:24:38 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin F5D8053 N Wireless USB Adapter Utility.lnk
[2011/12/23 09:24:38 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belkin F5D8053 N Wireless USB Adapter Utility.lnk
[2011/12/19 14:54:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/19 14:14:24 | 000,174,920 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2011/12/19 14:14:24 | 000,165,780 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2011/12/19 14:06:26 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2011/12/19 13:30:02 | 000,000,415 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Downloads.lnk
[2011/12/19 13:16:55 | 000,018,402 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\s1qr71m2it4nvu
[2011/12/19 13:16:54 | 000,018,402 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\s1qr71m2it4nvu
[2011/12/15 11:42:56 | 000,001,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Star Wars - The Old Republic.lnk
[2011/12/13 14:56:43 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/12/13 14:56:43 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/13 14:54:11 | 000,606,544 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\My Documents\ChromeSetup.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/26 19:38:50 | 000,000,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Legacy_netbt.zip
[2011/12/26 19:17:54 | 000,664,576 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MicrosoftFixit50562.msi
[2011/12/26 14:50:53 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/26 14:13:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/26 14:13:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/26 14:13:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/26 14:13:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/26 14:13:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/24 09:45:00 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\netbt.zip
[2011/12/23 09:24:38 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin F5D8053 N Wireless USB Adapter Utility.lnk
[2011/12/23 09:24:38 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belkin F5D8053 N Wireless USB Adapter Utility.lnk
[2011/12/19 14:11:27 | 000,174,920 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2011/12/19 14:11:24 | 000,165,780 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2011/12/19 14:06:26 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2011/12/19 13:51:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/19 13:30:00 | 000,000,415 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Downloads.lnk
[2011/12/19 12:11:33 | 000,018,402 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\s1qr71m2it4nvu
[2011/12/19 12:11:32 | 000,018,402 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\s1qr71m2it4nvu
[2011/12/15 11:42:56 | 000,001,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Star Wars - The Old Republic.lnk
[2011/12/13 14:55:19 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/12/13 14:55:19 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/13 14:54:21 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1957994488-1606980848-500UA.job
[2011/12/13 14:54:21 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1957994488-1606980848-500Core.job
[2011/11/23 20:01:48 | 000,000,620 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/10/31 21:21:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/10/31 19:24:25 | 000,000,079 | ---- | C] () -- C:\WINDOWS\ENX130.ini
[2011/07/06 17:06:06 | 000,015,382 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\c4t8c50vv12a1
[2011/07/05 22:08:35 | 000,015,382 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\c4t8c50vv12a1
[2011/07/05 22:08:35 | 000,015,370 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\c4t8c50vv12a1
[2011/06/29 18:56:47 | 000,016,936 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5531y3vdwd7p14076e73122
[2011/06/29 18:56:47 | 000,016,936 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\5531y3vdwd7p14076e73122
[2011/06/25 16:57:46 | 000,015,966 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\22500634ug8u87c8e64k6l3sf3v
[2011/06/25 16:57:46 | 000,015,966 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\22500634ug8u87c8e64k6l3sf3v
[2011/05/07 13:56:46 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/05/02 20:25:47 | 000,000,302 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2011/04/24 11:05:58 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011/04/16 11:59:43 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19521332r
[2011/04/16 11:59:43 | 000,000,120 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19521332
[2011/04/16 11:59:40 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\19521332
[2011/04/12 21:43:23 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/02/27 17:25:33 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/26 20:25:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/26 20:21:19 | 000,252,080 | -H-- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/26 20:21:17 | 000,252,080 | -H-- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/26 20:21:17 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/26 20:21:12 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/26 18:35:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/26 18:30:48 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/26 12:24:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/26 12:23:20 | 000,101,440 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 01:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 01:00:00 | 000,311,934 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 01:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 01:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 01:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 01:00:00 | 000,040,196 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 01:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 01:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 01:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 01:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/07/13 05:36:36 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2006/06/20 21:53:34 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2005/04/15 05:52:33 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 05:52:33 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

< End of report >

OTL Extras Log



OTL Extras logfile created on: 12/26/2011 11:38:20 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 77.01% Memory free
4.84 Gb Paging File | 4.21 Gb Available in Paging File | 86.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.49 Gb Total Space | 5.81 Gb Free Space | 7.80% Space Free | Partition Type: NTFS
Drive D: | 96.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GABE-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\mjb.exe" -a "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\mjb.exe" -a "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe" = C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe:*:Enabled:SWTOR Launcher -- (BioWare)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java™ SE Development Kit 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C6B103A-1CDD-B3F2-5E8C-A2E5AAA6B555}" = GOG.com Downloader
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate™ II - Shadows of Amn™
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel® Network Connections 15.3.68.0
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Caesar 3_is1" = Caesar 3
"Close Combat 3.00" = Microsoft Close Combat III
"com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1" = GOG.com Downloader
"DivX Setup.divx.com" = DivX Setup
"EPSON NX130 Series" = EPSON NX130 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Foxit Reader" = Foxit Reader
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Pidgin" = Pidgin
"Sierra Utilities" = Sierra Utilities
"Steam App 10500" = Empire: Total War
"Steam App 8930" = Sid Meier's Civilization V
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.1.9

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

VEW System Log

Vino's Event Viewer v01c run on Windows XP in English
Report run at 27/12/2011 8:32:31 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/12/2011 7:12:26 AM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: NetBT

Log: 'System' Date/Time: 27/12/2011 7:12:24 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 27/12/2011 7:12:24 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 27/12/2011 7:12:24 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

VEW Applications Log

Vino's Event Viewer v01c run on Windows XP in English
Report run at 27/12/2011 8:34:05 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#29
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Looks like the infection is still active. You may need to restore the netbt again.

Uninstall:
Adobe Flash Player 10 ActiveX - obsolete; get the newest from adobe.com
Ask Toolbar - foistware
Bing Bar - foistware
logmein - broken


Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
[2011/12/05 23:08:38 | 000,000,000 | ---D | M] (WhiteSmoke Bar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
[2011/07/01 16:04:51 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\[email protected]
[2011/04/17 15:16:09 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\[email protected]
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\mjb.exe" -a "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\mjb.exe" -a "%1" %*
[2011/12/26 23:01:00 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/12/19 13:16:55 | 000,018,402 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\s1qr71m2it4nvu
[2011/12/19 13:16:54 | 000,018,402 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\s1qr71m2it4nvu
[2011/07/06 17:06:06 | 000,015,382 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\c4t8c50vv12a1
[2011/07/05 22:08:35 | 000,015,382 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\c4t8c50vv12a1
[2011/07/05 22:08:35 | 000,015,370 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\c4t8c50vv12a1
[2011/06/29 18:56:47 | 000,016,936 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5531y3vdwd7p14076e73122
[2011/06/29 18:56:47 | 000,016,936 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\5531y3vdwd7p14076e73122
[2011/06/25 16:57:46 | 000,015,966 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\22500634ug8u87c8e64k6l3sf3v
[2011/06/25 16:57:46 | 000,015,966 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\22500634ug8u87c8e64k6l3sf3v
[2011/04/16 11:59:43 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19521332r
[2011/04/16 11:59:43 | 000,000,120 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19521332
[2011/04/16 11:59:40 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\19521332


:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.exe
sc config LMIRfsClientNP start= disabled /c
sc config LMIRfsDriver start= disabled /c
sc query netbt /c
sc query dhcp /c
sc query tcpip /c
sc query afd /c
net start /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.


Run Combofix again as before and post the log.

Ron
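The hijack that the :reg section of the fix above repairs is visible in the OTL Extras log posted earlier: the exefile [open] handler (also reported as O35/O37) is "C:\Documents and Settings\NetworkService\Local Settings\Application Data\mjb.exe" -a "%1" %*, so every .exe the user starts is first routed through the rogue program, which then launches the real one. The script below is an added example for this thread, not code from OTL or from the fix script: it reads OTL "Shell Spawning" lines, flags any executable-class handler that differs from the stock Windows XP value, names the program doing the interception, and writes a .reg file that puts the defaults back. The table of stock handlers is an assumption taken from the untouched classes (batfile, cmdfile, comfile, piffile, scrfile, regfile) in the same log; the sample input is copied from that log.

```python
"""Check OTL "Shell Spawning" output for hijacked executable handlers and
emit a .reg file that restores the Windows XP defaults.

Added example for this thread; not code from OTL or from the helper's fix
script. DEFAULT_HANDLERS assumes the stock XP values shown by the untouched
classes in the same log.
"""
import re

# Stock Windows XP handlers. A rogue-AV "exe hijack" swaps one of these for a
# path to its own executable, which then launches the real program
# (in this thread: mjb.exe -a "%1" %*), so every program launch runs the malware.
DEFAULT_HANDLERS = {
    "batfile [open]": '"%1" %*',
    "cmdfile [open]": '"%1" %*',
    "comfile [open]": '"%1" %*',
    "exefile [open]": '"%1" %*',
    "piffile [open]": '"%1" %*',
    "scrfile [open]": '"%1" /S',
    "regfile [open]": 'regedit.exe "%1"',
}

# OTL line shape: `<class> [<verb>] -- <command> (<signer>)`; signer is optional.
_LINE_RE = re.compile(
    r'^(?P<cls>\w+ \[\w+\]) -- (?P<cmd>.*?)(?: \((?P<signer>[^()]*)\))?$'
)

# Constructed sample: the relevant "Shell Spawning" lines from the OTL Extras
# log posted in this thread.
SAMPLE = r"""
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\mjb.exe" -a "%1" %*
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
scrfile [open] -- "%1" /S
"""


def parse_shell_spawning(text):
    """Yield (class_verb, command) for each OTL 'Shell Spawning' line."""
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            yield m.group("cls"), m.group("cmd").strip()


def find_hijacks(text):
    """Return {class_verb: command} for handlers that differ from the default."""
    return {
        cls: cmd
        for cls, cmd in parse_shell_spawning(text)
        if cls in DEFAULT_HANDLERS and cmd != DEFAULT_HANDLERS[cls]
    }


def hijacker_path(command):
    """Return the program a hijacked handler runs first (quoted or bare token)."""
    m = re.match(r'"([^"]+)"|(\S+)', command)
    if not m:
        return None
    return m.group(1) or m.group(2)


def _reg_escape(value):
    # .reg string syntax: backslashes and double quotes are backslash-escaped.
    return value.replace("\\", "\\\\").replace('"', '\\"')


def restore_reg(hijacks):
    """Build a .reg file resetting each hijacked handler to its default value.

    Same effect as the :reg section of the fix script, but covers every
    hijacked class that was found rather than exefile alone.
    """
    lines = ["Windows Registry Editor Version 5.00", ""]
    for cls_verb in sorted(hijacks):
        cls, verb = cls_verb[:-1].split(" [")  # "exefile [open]" -> exefile, open
        key = "\\".join(["HKEY_LOCAL_MACHINE", "SOFTWARE", "Classes",
                         cls, "shell", verb, "command"])
        lines.append("[" + key + "]")
        lines.append('@="' + _reg_escape(DEFAULT_HANDLERS[cls_verb]) + '"')
        lines.append("")
    return "\r\n".join(lines)


if __name__ == "__main__":
    hijacked = find_hijacks(SAMPLE)
    for cls_verb, cmd in hijacked.items():
        print("HIJACKED", cls_verb, "->", hijacker_path(cmd))
    print(restore_reg(hijacked))
```

On the live machine the same value can be read without OTL with `reg query "HKLM\SOFTWARE\Classes\exefile\shell\open\command" /ve`; anything other than "%1" %* means program launches are still being intercepted and the restore has to be done again before the rest of the cleanup will hold.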

#30
RUSTslash

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Updated Adobe, and uninstalled the programs.

Here are the logs:

OTL


========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: [email protected]:1.0 removed from extensions.enabledItems
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\searchplugin folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\modules folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\META-INF folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\defaults folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\components folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\chrome folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f} folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\[email protected]\skin folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\[email protected]\locale folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\[email protected]\defaults folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\[email protected]\content folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\[email protected] folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\[email protected]\defaults folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\[email protected]\components folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\[email protected]\chrome folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\extensions\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ not found.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.
File "C:\Documents and Settings\NetworkService\Local Settings\Application Data\mjb.exe" -a "%1" %* not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
C:\Documents and Settings\All Users\Application Data\s1qr71m2it4nvu moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\s1qr71m2it4nvu moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\c4t8c50vv12a1 moved successfully.
C:\Documents and Settings\All Users\Application Data\c4t8c50vv12a1 moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\c4t8c50vv12a1 moved successfully.
C:\Documents and Settings\All Users\Application Data\5531y3vdwd7p14076e73122 moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\5531y3vdwd7p14076e73122 moved successfully.
C:\Documents and Settings\All Users\Application Data\22500634ug8u87c8e64k6l3sf3v moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\22500634ug8u87c8e64k6l3sf3v moved successfully.
C:\Documents and Settings\All Users\Application Data\~19521332r moved successfully.
C:\Documents and Settings\All Users\Application Data\~19521332 moved successfully.
C:\Documents and Settings\All Users\Application Data\19521332 moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.exe not found.
< sc config LMIRfsClientNP start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< sc config LMIRfsDriver start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< sc query netbt /c >
SERVICE_NAME: netbt
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< sc query dhcp /c >
SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< sc query tcpip /c >
SERVICE_NAME: tcpip
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< sc query afd /c >
SERVICE_NAME: afd
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< net start /c >
These Windows services are started:
Application Layer Gateway Service
Application Management
Automatic Updates
COM+ Event System
CryptSvc
DCOM Server Process Launcher
DHCP Client
Distributed Link Tracking Client
DNS Client
Error Reporting Service
Event Log
Fast User Switching Compatibility
Help and Support
HID Input Service
IPSEC Services
Logical Disk Manager
Network Connections
Network Location Awareness (NLA)
Plug and Play
Print Spooler
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Registry
Secondary Logon
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
System Event Notification
System Restore Service
Task Scheduler
Telephony
Terminal Services
Themes
WebClient
Windows Audio
Windows Firewall/Internet Connection Sharing (ICS)
Windows Image Acquisition (WIA)
Windows Installer
Windows Management Instrumentation
Windows Time
Wireless Zero Configuration
Workstation
The command completed successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 3064489 bytes

User: All Users

User: Default User
->Flash cache emptied: 56468 bytes

User: LocalService

User: LogMeInRemoteUser

User: NetworkService
->Flash cache emptied: 14416 bytes

Total Flash Files Cleaned = 3.00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 3710 bytes

User: All Users

User: Default User

User: LocalService

User: LogMeInRemoteUser

User: NetworkService

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12272011_093348

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Combofix


ComboFix 11-12-27.01 - Administrator 12/27/2011 9:53.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3068.2760 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-27 to 2011-12-27 )))))))))))))))))))))))))))))))
.
.
2011-12-27 15:33 . 2011-12-27 15:33 -------- d-----w- C:\_OTL
2011-12-26 20:50 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-26 20:26 . 2008-04-14 07:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2011-12-26 20:26 . 2008-04-14 07:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-23 15:25 . 2011-12-23 15:25 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-12-23 15:24 . 2011-12-23 15:24 -------- d-----w- c:\program files\Belkin
2011-12-19 20:49 . 2011-12-19 20:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2011-12-19 19:21 . 2011-12-19 19:21 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-27 15:40 . 2011-05-18 03:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-29 00:25 . 2011-09-29 00:26 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-29 00:25 . 2011-01-27 19:42 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-16 14:15 . 2011-09-26 00:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_20.28.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-27 15:53 . 2011-12-27 15:53 16384 c:\windows\temp\Perflib_Perfdata_738.dat
+ 2011-11-23 22:50 . 2011-12-27 15:40 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
- 2011-11-23 22:50 . 2011-11-23 22:50 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
+ 2011-01-28 02:43 . 2011-12-27 15:40 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2011-01-28 02:43 . 2011-11-23 22:50 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-10-01 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-26 458865]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin F5D8053 N Wireless USB Adapter Utility.lnk - c:\program files\Belkin\F5D8053\Belkinwcui.exe [2007-9-17 1732608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 19:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Electronic Arts\\BioWare\\Star Wars - The Old Republic\\launcher.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/19/2011 1:31 PM 366152]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [4/7/2010 4:06 PM 241880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/26/2011 2:50 PM 22216]
S0 cerc6;cerc6; [x]
S1 MpKsl06b810b7;MpKsl06b810b7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD96908B-848C-4037-9E4A-F7D85E8A715D}\MpKsl06b810b7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD96908B-848C-4037-9E4A-F7D85E8A715D}\MpKsl06b810b7.sys [?]
S1 MpKsl1ac66141;MpKsl1ac66141;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15E08F71-9E2C-4CBB-BA4B-3D13581724C5}\MpKsl1ac66141.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15E08F71-9E2C-4CBB-BA4B-3D13581724C5}\MpKsl1ac66141.sys [?]
S1 MpKsl2bffa4f3;MpKsl2bffa4f3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D76687A8-2DD4-410D-80B3-C8A235CF9676}\MpKsl2bffa4f3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D76687A8-2DD4-410D-80B3-C8A235CF9676}\MpKsl2bffa4f3.sys [?]
S1 MpKsl3dd639ab;MpKsl3dd639ab;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9DE416-C5C0-4F39-98FE-7F33C212DF26}\MpKsl3dd639ab.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F9DE416-C5C0-4F39-98FE-7F33C212DF26}\MpKsl3dd639ab.sys [?]
S1 MpKsl3ee6b27e;MpKsl3ee6b27e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A7E14D46-6847-4AB2-A92F-807E6098A183}\MpKsl3ee6b27e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A7E14D46-6847-4AB2-A92F-807E6098A183}\MpKsl3ee6b27e.sys [?]
S1 MpKsl42c55817;MpKsl42c55817;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{81B9A58F-B028-40F9-A332-950FC3CFE404}\MpKsl42c55817.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{81B9A58F-B028-40F9-A332-950FC3CFE404}\MpKsl42c55817.sys [?]
S1 MpKsl4f969476;MpKsl4f969476;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50A89A6B-0244-42DD-8124-C3897BBD0D31}\MpKsl4f969476.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50A89A6B-0244-42DD-8124-C3897BBD0D31}\MpKsl4f969476.sys [?]
S1 MpKsl53b0eed7;MpKsl53b0eed7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15E08F71-9E2C-4CBB-BA4B-3D13581724C5}\MpKsl53b0eed7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15E08F71-9E2C-4CBB-BA4B-3D13581724C5}\MpKsl53b0eed7.sys [?]
S1 MpKsl5ba1b3be;MpKsl5ba1b3be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4ED82AD8-71A1-491F-9D4A-CDC659B4F0DF}\MpKsl5ba1b3be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4ED82AD8-71A1-491F-9D4A-CDC659B4F0DF}\MpKsl5ba1b3be.sys [?]
S1 MpKsl63898193;MpKsl63898193;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD418109-5F0E-4413-B106-51E225B31150}\MpKsl63898193.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD418109-5F0E-4413-B106-51E225B31150}\MpKsl63898193.sys [?]
S1 MpKsl76c2176a;MpKsl76c2176a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{51C380B9-1139-4B35-995E-08D2C7B2549D}\MpKsl76c2176a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{51C380B9-1139-4B35-995E-08D2C7B2549D}\MpKsl76c2176a.sys [?]
S1 MpKsl8773eb8e;MpKsl8773eb8e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD418109-5F0E-4413-B106-51E225B31150}\MpKsl8773eb8e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD418109-5F0E-4413-B106-51E225B31150}\MpKsl8773eb8e.sys [?]
S1 MpKsl935305f2;MpKsl935305f2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59AF50C3-3217-4AA4-BC69-25665B0320E4}\MpKsl935305f2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{59AF50C3-3217-4AA4-BC69-25665B0320E4}\MpKsl935305f2.sys [?]
S1 MpKsl9597717e;MpKsl9597717e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50A89A6B-0244-42DD-8124-C3897BBD0D31}\MpKsl9597717e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50A89A6B-0244-42DD-8124-C3897BBD0D31}\MpKsl9597717e.sys [?]
S1 MpKslb4ee7440;MpKslb4ee7440;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8588E8D6-820C-405E-A982-5E6F66E4E9B1}\MpKslb4ee7440.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8588E8D6-820C-405E-A982-5E6F66E4E9B1}\MpKslb4ee7440.sys [?]
S1 MpKslbf532416;MpKslbf532416;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D95AC20E-A1AD-49CE-93FA-59D855FC4C3D}\MpKslbf532416.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D95AC20E-A1AD-49CE-93FA-59D855FC4C3D}\MpKslbf532416.sys [?]
S1 MpKsldb37e6d8;MpKsldb37e6d8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8588E8D6-820C-405E-A982-5E6F66E4E9B1}\MpKsldb37e6d8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8588E8D6-820C-405E-A982-5E6F66E4E9B1}\MpKsldb37e6d8.sys [?]
S1 MpKsle513fdeb;MpKsle513fdeb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8128BD5-3111-4206-9ADB-407C1D48FC9E}\MpKsle513fdeb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8128BD5-3111-4206-9ADB-407C1D48FC9E}\MpKsle513fdeb.sys [?]
S1 MpKsle6f6e2b0;MpKsle6f6e2b0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD96908B-848C-4037-9E4A-F7D85E8A715D}\MpKsle6f6e2b0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD96908B-848C-4037-9E4A-F7D85E8A715D}\MpKsle6f6e2b0.sys [?]
S1 MpKsleb177773;MpKsleb177773;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A1437ABD-F1B5-4D21-9307-598510AD523B}\MpKsleb177773.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A1437ABD-F1B5-4D21-9307-598510AD523B}\MpKsleb177773.sys [?]
S1 MpKslf433ae2d;MpKslf433ae2d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D95AC20E-A1AD-49CE-93FA-59D855FC4C3D}\MpKslf433ae2d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D95AC20E-A1AD-49CE-93FA-59D855FC4C3D}\MpKslf433ae2d.sys [?]
S1 MpKslfde536e0;MpKslfde536e0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D76687A8-2DD4-410D-80B3-C8A235CF9676}\MpKslfde536e0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D76687A8-2DD4-410D-80B3-C8A235CF9676}\MpKslfde536e0.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1957994488-1606980848-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-13 20:54]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1957994488-1606980848-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-13 20:54]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wm26d1rp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://zinkwink.com/?tmp=redir_bho_bing&prt=corsairzwbho&keywords=
FF - user.js: keyword.URL - hxxp://zinkwink.com/?tmp=redir_bho_bing&prt=corsairzwbho&keywords=
FF - user.js: keyword.enabled - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-27 10:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1957994488-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,bf,48,94,86,3c,0d,4d,9e,35,0c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,96,36,0b,ba,90,a5,4c,88,a7,f6,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,bf,48,94,86,3c,0d,4d,9e,35,0c,\
.
[HKEY_USERS\S-1-5-21-1177238915-1957994488-1606980848-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,9f,58,1f,ae,42,c6,cf,9d,d5,3b,23,e3,c7,29,03,52,ea,4e,2a,22,f9,3a,
45,a4,73,fd,9e,5e,7d,49,fe,2c,2d,76,ca,47,5a,79,96,f8,73,1c,94,33,bf,f3,7d,\
"??"=hex:2a,6f,c1,59,11,da,5e,27,00,47,ac,c1,e7,b6,39,d0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,bf,48,94,86,3c,0d,4d,9e,35,0c,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,bf,48,94,86,3c,0d,4d,9e,35,0c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-12-27 10:01:18
ComboFix-quarantined-files.txt 2011-12-27 16:01
ComboFix2.txt 2011-12-26 20:32
ComboFix3.txt 2011-12-19 21:25
.
Pre-Run: 6,147,063,808 bytes free
Post-Run: 6,141,411,328 bytes free
.
- - End Of File - - BAA0727043CCA5BD6DDF6296AC0F577B