Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

XP Security 2012 Stopped - Still Having Problems


  • Please log in to reply

#16
JustinLeeA25

JustinLeeA25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Okay, we got rid of Microsoft Office Click-to-Run 2010 and did everything else. Here are the logs. Thanks a lot.

OTL #1

========== PROCESSES ==========
All processes killed
========== OTL ==========
C:\WINDOWS\system32\nazojabo moved successfully.
C:\Documents and Settings\HELEN\Application Data\5C243 folder moved successfully.
C:\Documents and Settings\HELEN\Application Data\7D520 folder moved successfully.
C:\Documents and Settings\HELEN\Application Data\ArllONNtxPuc folder moved successfully.
C:\Documents and Settings\HELEN\Application Data\JTXXwjjUClIB folder moved successfully.
C:\Documents and Settings\HELEN\Application Data\kGG44amH6sWKfE folder moved successfully.
C:\Documents and Settings\HELEN\Application Data\OvvDD2onF4am5sJ folder moved successfully.
C:\Documents and Settings\HELEN\Application Data\PellIIBtzPN folder moved successfully.
C:\Documents and Settings\HELEN\Application Data\q88ffRL9h folder moved successfully.
C:\Documents and Settings\HELEN\Application Data\rZqqjYYCkIVz folder moved successfully.
C:\Documents and Settings\HELEN\Application Data\ulllOBttzPycSiD folder moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\nazojabo not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 12292011_204822

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL #2

OTL logfile created on: 12/29/2011 8:53:09 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HELEN\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 467.91 Mb Available Physical Memory | 45.78% Memory free
2.41 Gb Paging File | 1.96 Gb Available in Paging File | 81.58% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 66.71 Gb Free Space | 61.44% Space Free | Partition Type: NTFS
Drive D: | 36.59 Gb Total Space | 36.51 Gb Free Space | 99.80% Space Free | Partition Type: NTFS

Computer Name: HELEN | User Name: HELEN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/26 22:23:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HELEN\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/11 17:38:01 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/23 23:05:44 | 006,497,592 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/09/13 20:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/10/05 02:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/05/21 19:11:22 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE


========== Modules (No Company Name) ==========

MOD - [2011/12/29 15:58:22 | 001,659,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11122901\algo.dll
MOD - [2011/12/29 14:38:40 | 000,268,808 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11122901\aswRep.dll
MOD - [2011/11/23 23:05:40 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/11/23 23:05:26 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/10/05 02:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/13 20:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/14 04:46:26 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2010/09/14 04:46:22 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2010/09/14 04:46:20 | 000,209,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2010/09/14 04:46:14 | 000,581,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2009/09/05 11:23:34 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/06/19 20:31:34 | 000,456,384 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/05/20 14:01:32 | 000,025,600 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/05/20 14:01:26 | 000,068,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMOUKE.sys -- (LMouKE)
DRV - [2005/05/20 14:00:48 | 000,054,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou)
DRV - [2005/05/20 14:00:36 | 000,013,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS -- (L8042Kbd)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/05/27 09:50:50 | 000,201,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2004/05/27 09:47:16 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003/11/17 20:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 20:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 20:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...q={searchTerms}
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....h?fr=mkg030&p="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.facebook.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\HELEN\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/24 16:38:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/11 17:27:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/28 22:06:45 | 000,000,000 | ---D | M]

[2008/08/27 13:53:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HELEN\Application Data\Mozilla\Extensions
[2011/12/28 21:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HELEN\Application Data\Mozilla\Firefox\Profiles\ujrlj6ky.default\extensions
[2010/07/20 19:15:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HELEN\Application Data\Mozilla\Firefox\Profiles\ujrlj6ky.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/31 19:14:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HELEN\Application Data\Mozilla\Firefox\Profiles\ujrlj6ky.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2010/05/05 17:29:31 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Documents and Settings\HELEN\Application Data\Mozilla\Firefox\Profiles\ujrlj6ky.default\extensions\[email protected]
[2009/11/05 19:36:40 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\HELEN\Application Data\Mozilla\Firefox\Profiles\ujrlj6ky.default\searchplugins\bing.xml
[2011/12/27 09:25:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/27 09:25:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/11/12 16:32:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/11/18 15:15:06 | 000,106,128 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npstrlnk.dll
[2008/07/19 18:36:01 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2011/09/30 18:53:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/16 19:23:54 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/11/12 16:32:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/28 21:56:22 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DriveConfiguration = [Binary data over 100 bytes]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinn...d/bejeweled.cab (Bejeweled Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://messenger.zon...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86F6CAAC-6FC7-4715-80C2-071C21097587}: DhcpNameServer = 97.64.209.36 97.64.168.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E39B74E-EE5B-4123-AD6E-B9800506D5C3}: DhcpNameServer = 192.168.2.1 97.64.209.36 97.64.168.13
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 16:08:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HELEN\Recent
[2011/12/28 23:00:59 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/12/28 23:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/12/28 23:00:58 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/12/28 23:00:55 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/12/28 23:00:55 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/12/28 23:00:54 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/12/28 23:00:53 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/12/28 23:00:53 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/12/28 23:00:53 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/12/28 23:00:34 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/12/28 23:00:33 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/12/28 23:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/28 23:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/28 22:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\UPHClean
[2011/12/28 21:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HELEN\Desktop\logs
[2011/12/28 20:21:56 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\HELEN\Desktop\VEW.exe
[2011/12/28 17:56:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/28 17:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/28 17:25:44 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/28 17:25:12 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HELEN\Desktop\mbam-setup-1.60.0.1800.exe
[2011/12/28 17:15:07 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Documents and Settings\HELEN\Desktop\aswMBR.exe
[2011/12/28 17:10:19 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HELEN\Desktop\tdsskiller.exe
[2011/12/28 17:06:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/28 11:22:14 | 004,354,974 | R--- | C] (Swearware) -- C:\Documents and Settings\HELEN\Desktop\ComboFix.exe
[2011/12/27 09:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/12/26 22:23:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HELEN\Desktop\OTL.exe
[2011/12/26 22:23:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HELEN\Application Data\PerformerSoft
[2011/12/26 22:23:03 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\WINDOWS\System32\roboot.exe
[2011/12/26 21:32:07 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HELEN\Desktop\mbam-setup.exe
[2011/12/25 20:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/12/24 19:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/12/24 18:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/24 18:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2011/12/24 18:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/12/24 18:20:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2011/12/24 18:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HELEN\Start Menu\Programs\BrowserPlus
[2011/12/24 18:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HELEN\Local Settings\Application Data\Yahoo!
[2011/12/24 18:18:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2011/12/24 16:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/12/24 16:38:53 | 000,000,000 | -H-D | C] -- C:\Program Files\Creative Installation Information
[2011/12/24 16:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative
[2011/12/24 16:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/12/16 19:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee(5)
[2011/12/16 19:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion(2)
[2011/12/16 12:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee(4)
[2011/12/16 09:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Online Backup(2)
[2011/12/16 09:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup(2)
[2011/12/16 09:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee(3).com
[2011/12/16 08:53:37 | 000,000,000 | ---D | C] -- C:\20111216085337-378490387
[2011/12/16 08:53:05 | 000,000,000 | ---D | C] -- C:\Archive
[2011/12/15 22:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee(3)
[2011/12/11 20:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HELEN\Application Data\ElevatedDiagnostics
[2011/12/11 20:10:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2003/12/09 13:16:52 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\HELEN\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\HELEN\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\HELEN\*.tmp files -> C:\Documents and Settings\HELEN\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/29 20:49:48 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/29 20:49:48 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1912649743-2128827580-1748673051-1006.job
[2011/12/29 20:49:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/29 20:49:32 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/29 19:14:59 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\HELEN\Desktop\Shortcut to TDSSKiller.2.6.25.0_29.12.2011_18.21.00_log.lnk
[2011/12/29 18:35:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat
[2011/12/29 15:39:09 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\HELEN\Desktop\VEW.exe
[2011/12/29 15:32:00 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\HELEN\Desktop\avast result.bmp
[2011/12/28 23:01:00 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/28 23:00:54 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/28 22:59:46 | 064,207,032 | ---- | M] () -- C:\Documents and Settings\HELEN\Desktop\setup_av_free_cnet.exe
[2011/12/28 22:41:54 | 000,430,080 | ---- | M] () -- C:\Documents and Settings\HELEN\Desktop\UPHClean-Setup.msi
[2011/12/28 22:01:47 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\HELEN\Desktop\MBR.dat
[2011/12/28 21:56:22 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/28 20:18:19 | 000,260,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/28 17:25:47 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\HELEN\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/28 17:25:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 17:25:21 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HELEN\Desktop\mbam-setup-1.60.0.1800.exe
[2011/12/28 17:15:14 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\HELEN\Desktop\aswMBR.exe
[2011/12/28 17:13:56 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\HELEN\Desktop\Shortcut to TDSSKiller.2.6.25.0_28.12.2011_17.10.32_log.lnk
[2011/12/28 17:10:32 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HELEN\Desktop\tdsskiller.exe
[2011/12/28 11:22:22 | 004,354,974 | R--- | M] (Swearware) -- C:\Documents and Settings\HELEN\Desktop\ComboFix.exe
[2011/12/26 22:24:10 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1912649743-2128827580-1748673051-1006.job
[2011/12/26 22:23:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HELEN\Desktop\OTL.exe
[2011/12/26 22:23:29 | 000,001,621 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/12/26 21:32:52 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HELEN\Desktop\mbam-setup.exe
[2011/12/26 21:19:59 | 000,001,205 | ---- | M] () -- C:\Documents and Settings\HELEN\Desktop\FixNCR.reg
[2011/12/25 20:42:31 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/12/24 19:56:42 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\HELEN\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/12/24 19:56:42 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/12/24 15:11:42 | 000,468,524 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/24 15:11:42 | 000,083,400 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/24 15:07:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/11 20:14:38 | 000,983,040 | ---- | M] () -- C:\Documents and Settings\HELEN\Desktop\MicrosoftFixit50777.msi
[2011/12/11 17:47:43 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/09 19:46:50 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\HELEN\jagex_runescape_preferences2.dat
[2011/12/09 19:45:05 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\HELEN\jagex_runescape_preferences.dat
[2011/12/09 19:45:03 | 000,000,040 | ---- | M] () -- C:\Documents and Settings\HELEN\jagex_cl_runescape_LIVE.dat
[2011/12/06 17:22:38 | 000,028,760 | ---- | M] (McAfee, Inc.) -- C:\ScriptFF.dll
[2011/12/02 18:04:22 | 000,017,464 | ---- | M] (PerformerSoft LLC) -- C:\WINDOWS\System32\roboot.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\HELEN\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\HELEN\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\HELEN\*.tmp files -> C:\Documents and Settings\HELEN\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/29 19:14:58 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\HELEN\Desktop\Shortcut to TDSSKiller.2.6.25.0_29.12.2011_18.21.00_log.lnk
[2011/12/29 18:35:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2011/12/29 15:31:59 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\HELEN\Desktop\avast result.bmp
[2011/12/28 23:01:00 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/28 22:59:26 | 064,207,032 | ---- | C] () -- C:\Documents and Settings\HELEN\Desktop\setup_av_free_cnet.exe
[2011/12/28 22:41:33 | 000,430,080 | ---- | C] () -- C:\Documents and Settings\HELEN\Desktop\UPHClean-Setup.msi
[2011/12/28 17:25:47 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\HELEN\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/28 17:25:47 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 17:18:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\HELEN\Desktop\MBR.dat
[2011/12/28 17:13:56 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\HELEN\Desktop\Shortcut to TDSSKiller.2.6.25.0_28.12.2011_17.10.32_log.lnk
[2011/12/28 15:45:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/26 22:23:28 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/12/26 22:16:12 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/26 21:19:59 | 000,001,205 | ---- | C] () -- C:\Documents and Settings\HELEN\Desktop\FixNCR.reg
[2011/12/24 19:56:42 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\HELEN\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/12/24 19:56:42 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/12/11 20:14:36 | 000,983,040 | ---- | C] () -- C:\Documents and Settings\HELEN\Desktop\MicrosoftFixit50777.msi
[2011/12/09 19:45:03 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\HELEN\jagex_cl_runescape_LIVE.dat
[2011/12/08 20:31:36 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/03 13:48:56 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/12 15:32:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/11 13:00:27 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/28 14:16:45 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/11 11:50:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/11 11:50:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/11 11:50:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/11 11:50:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/03/30 16:51:58 | 000,577,568 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/02/19 20:18:18 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/11/02 18:29:25 | 000,000,086 | ---- | C] () -- C:\WINDOWS\epro.ini
[2008/08/28 22:27:39 | 000,030,976 | ---- | C] () -- C:\WINDOWS\rascntrl.dll
[2008/08/28 22:27:39 | 000,023,104 | ---- | C] () -- C:\WINDOWS\System32\svcprmpt.dll
[2008/03/10 19:05:32 | 000,000,023 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/03/10 19:05:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2008/02/04 20:19:55 | 000,000,184 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/03 23:04:11 | 000,000,022 | ---- | C] () -- C:\WINDOWS\msnmsgr.exe.ini
[2007/12/16 18:47:18 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2007/12/12 22:45:07 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/11/25 19:30:15 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/11/22 16:37:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\sdfixwcs.dll
[2007/06/30 22:02:54 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/11/11 22:25:09 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\HELEN\Local Settings\Application Data\fusioncache.dat
[2006/11/05 13:59:45 | 000,003,184 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/05 10:18:17 | 000,057,856 | ---- | C] () -- C:\Documents and Settings\HELEN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/10/26 23:13:51 | 000,011,520 | ---- | C] () -- C:\Documents and Settings\HELEN\Application Data\wklnhst.dat
[2006/10/20 01:10:20 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\1564C9D959.sys
[2006/10/20 01:10:19 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/18 19:28:19 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2006/10/18 19:28:11 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2006/10/18 19:28:11 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/10/18 19:28:10 | 000,201,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\LV302AV.SYS
[2006/10/18 19:27:48 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006/10/18 19:00:43 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/17 05:57:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/17 05:50:01 | 000,000,283 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/17 05:48:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/17 05:43:58 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/10/17 05:42:07 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/10/17 05:39:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/17 05:14:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/10/17 05:14:28 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/10/17 05:14:24 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/14 12:51:16 | 000,007,990 | ---- | C] () -- C:\WINDOWS\System32\drwatson.dll
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,468,524 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,083,400 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2011/12/28 23:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/11/29 18:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2008/11/03 20:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2009/04/14 16:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/04/14 16:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/11/01 18:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2008/07/02 21:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2008/11/03 20:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2009/02/19 20:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/07/26 18:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2008/10/02 21:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/02/20 23:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/02/11 18:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/09/01 00:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/02/16 17:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/10/11 11:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/08/12 23:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/12/24 18:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2007/11/07 21:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2008/08/28 13:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ULOPRYVFYG
[2007/02/08 21:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/17 15:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2007/03/28 15:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2008/12/24 20:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\7Wonders
[2008/08/28 13:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\AweSEM
[2011/12/11 20:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\ElevatedDiagnostics
[2008/02/21 21:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\Eyeblaster
[2006/10/18 19:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\FotoWire
[2008/09/03 01:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\funkitron
[2009/03/31 17:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\GameHouse
[2009/09/16 15:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\GetRightToGo
[2008/06/22 18:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\Hasbro
[2007/11/22 16:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\IDS_COMPANY
[2008/06/22 19:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\iWin
[2008/06/22 18:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\iWinArcade
[2007/02/11 19:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\Leadertech
[2009/10/03 08:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\OpenOffice.org
[2010/06/20 17:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\Opera
[2011/12/26 22:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\PerformerSoft
[2009/02/16 17:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\PlayFirst
[2008/08/20 23:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\Pogo Games
[2008/08/28 12:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\PogoChessBuddy
[2008/11/07 18:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\SecondLife
[2010/11/29 18:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\simppulltoolbar
[2011/12/19 18:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\SoftGrid Client
[2007/11/07 18:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\Template
[2010/09/14 18:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\TP
[2007/02/08 21:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HELEN\Application Data\Viewpoint

========== Purity Check ==========



< End of report >


VEW System:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 29/12/2011 9:22:35 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/12/2011 9:20:59 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 29/12/2011 9:20:59 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

VEW Application:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 29/12/2011 3:40:48 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/12/2011 3:37:10 PM
Type: error Category: 11
Event: 3037 Source: Application Virtualization Client
{tid=C4C}
The Application Virtualization Client cannot open OfficeVirt 9014006204090000

Log: 'Application' Date/Time: 29/12/2011 3:37:10 PM
Type: error Category: 1
Event: 100 Source: CVHSVC
Information only. The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Log: 'Application' Date/Time: 29/12/2011 3:37:09 PM
Type: error Category: 1
Event: 100 Source: CVHSVC
Information only. Product registration is corrupted for {90140011-0062-0409-0000-0000000FF1CE}

Log: 'Application' Date/Time: 29/12/2011 3:37:09 PM
Type: error Category: 1
Event: 100 Source: CVHSVC
Information only. Error: Product {90140011-0062-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Log: 'Application' Date/Time: 29/12/2011 3:37:09 PM
Type: error Category: 1
Event: 100 Source: CVHSVC
Information only. Product registration is corrupted for {90140011-0062-0409-0000-0000000FF1CE}

Log: 'Application' Date/Time: 29/12/2011 3:37:09 PM
Type: error Category: 1
Event: 100 Source: CVHSVC
Information only. Error: Product {90140011-0062-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Log: 'Application' Date/Time: 29/12/2011 3:37:09 PM
Type: error Category: 1
Event: 100 Source: CVHSVC
Information only. Product registration is corrupted for {90140011-0062-0409-0000-0000000FF1CE}

Log: 'Application' Date/Time: 29/12/2011 3:37:09 PM
Type: error Category: 1
Event: 100 Source: CVHSVC
Information only. Error: Product {90140011-0062-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/12/2011 3:37:10 PM
Type: warning Category: 1
Event: 100 Source: CVHSVC
Information only. Error: Virtual app registration is corrupted. Rerun bootstrapper. [SoftGrid Error: 0x0000000000000a09 in Module: Core, File: swappmgr.cpp:2176] Type: 96::SoftGridApplicationFailure. Stopping task (Stream product id=0x0062) because of fatal error.

Log: 'Application' Date/Time: 29/12/2011 3:37:10 PM
Type: warning Category: 1
Event: 100 Source: CVHSVC
Information only. Warning: GetPackageInfo failed for '{00000000-0000-0000-0000-000000000000}'. [SoftGrid Error: 0x0000000000001802 in Module: Core, File: packagemgr.cpp:912]

Log: 'Application' Date/Time: 29/12/2011 3:37:10 PM
Type: warning Category: 1
Event: 100 Source: CVHSVC
Information only. Error: verion has fewer then two or more than four components Type: 29::InvalidArgument. Stopping task (PatchApply task for {90140011-0062-0409-0000-0000000FF1CE}) because of fatal error.

Log: 'Application' Date/Time: 29/12/2011 3:37:09 PM
Type: warning Category: 1
Event: 100 Source: CVHSVC
Information only. Warning: GetPackageInfo failed for '{00000000-0000-0000-0000-000000000000}'. [SoftGrid Error: 0x0000000000001802 in Module: Core, File: packagemgr.cpp:912]

Log: 'Application' Date/Time: 29/12/2011 3:37:09 PM
Type: warning Category: 1
Event: 100 Source: CVHSVC
Information only. Warning: GetPackageInfo failed for '{00000000-0000-0000-0000-000000000000}'. [SoftGrid Error: 0x0000000000001802 in Module: Core, File: packagemgr.cpp:912]

Log: 'Application' Date/Time: 29/12/2011 3:37:09 PM
Type: warning Category: 1
Event: 100 Source: CVHSVC
Information only. Warning: GetPackageInfo failed for '{00000000-0000-0000-0000-000000000000}'. [SoftGrid Error: 0x0000000000001802 in Module: Core, File: packagemgr.cpp:912]

Log: 'Application' Date/Time: 29/12/2011 3:37:08 PM
Type: warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=AE0}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files\Microsoft Application Virtualization Client Global Data Directory: C:\Documents and Settings\All Users\Documents\ Machine Name: HELEN Operating System: Windows XP Professional 32-bit Service Pack 3.0 Build 2600 OSD Command:

Log: 'Application' Date/Time: 29/12/2011 3:37:02 PM
Type: warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=AE0}
-------------------------------------------------------- Initialized client log (C:\Documents and Settings\All Users\Application Data\Microsoft\Application Virtualization Client\sftlog.txt)
  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
We still have a logmein driver trying to load.

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\HELEN\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore
[2011/12/16 19:23:54 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

:files
sc config LMIRfsDriver start= disabled /c
sc config cvhsvc  start= disabled /c
    
:Commands
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

You have a bunch of stuff turned off in msconfig. Go back in and turn it all back on then run Combofix again and post the log.
  • 0

#18
JustinLeeA25

JustinLeeA25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Here are the logs for OTL and ComboFix:

OTL:

========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/MSC,version=10\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/MVT\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/SAFFPlugin\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8\ deleted successfully.
C:\Documents and Settings\HELEN\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore not found.
C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit\ deleted successfully.
C:\WINDOWS\system32\LMIinit.dll moved successfully.
========== FILES ==========
< sc config LMIRfsDriver start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\HELEN\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\HELEN\Desktop\cmd.txt deleted successfully.
< sc config cvhsvc start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\HELEN\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\HELEN\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 12292011_221939

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


ComboFix:

ComboFix 11-12-29.05 - HELEN 12/29/2011 22:34:00.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.566 [GMT -6:00]
Running from: c:\documents and settings\HELEN\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Trend Micro Internet Security *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\HELEN\ntuser.tmp
c:\windows\system32\drivers\npf.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-29 05:00 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-29 05:00 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-29 05:00 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-29 05:00 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-29 05:00 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-29 05:00 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-12-29 05:00 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-12-29 05:00 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-12-29 05:00 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-29 05:00 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-29 05:00 . 2011-12-29 05:00 -------- d-----w- c:\program files\AVAST Software
2011-12-29 05:00 . 2011-12-29 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-12-29 04:42 . 2011-12-29 04:43 -------- d-----w- c:\program files\UPHClean
2011-12-28 23:56 . 2011-12-28 23:56 -------- d-----w- C:\_OTL
2011-12-28 23:25 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-27 15:25 . 2011-11-10 11:54 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-12-27 15:25 . 2011-11-10 11:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-27 04:23 . 2011-12-27 04:30 -------- d-----w- c:\documents and settings\HELEN\Application Data\PerformerSoft
2011-12-27 04:23 . 2011-12-03 00:04 17464 ----a-w- c:\windows\system32\roboot.exe
2011-12-25 00:24 . 2011-12-25 00:24 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-25 00:21 . 2011-12-28 23:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-25 00:20 . 2011-12-25 00:20 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-12-25 00:20 . 2011-12-25 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2011-12-25 00:20 . 2011-12-25 00:20 -------- d-----w- c:\documents and settings\HELEN\Local Settings\Application Data\Yahoo!
2011-12-25 00:18 . 2011-12-25 00:18 -------- d-----w- c:\windows\LastGood(2)
2011-12-24 22:38 . 2011-12-24 22:38 -------- d--h--w- c:\program files\Creative Installation Information
2011-12-24 22:38 . 2011-12-24 22:38 -------- d-----w- c:\program files\Common Files\Creative
2011-12-24 21:11 . 2011-12-24 21:11 4796 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-12-17 01:59 . 2011-12-24 23:44 -------- d-----w- c:\program files\Common Files\McAfee(5)
2011-12-16 18:55 . 2011-12-25 00:13 -------- d-----w- c:\program files\Common Files\McAfee(4)
2011-12-16 15:49 . 2011-12-25 00:19 -------- d-----w- c:\program files\McAfee Online Backup(2)
2011-12-16 15:47 . 2011-12-25 00:19 -------- d-----w- c:\program files\McAfee(3).com
2011-12-16 14:53 . 2011-12-16 14:55 -------- d-----w- C:\20111216085337-378490387
2011-12-16 14:53 . 2011-12-16 14:53 -------- d-----w- C:\Archive
2011-12-16 04:48 . 2011-12-25 00:22 -------- d-----w- c:\program files\Common Files\McAfee(3)
2011-12-12 02:11 . 2011-12-12 02:11 -------- d-----w- c:\documents and settings\HELEN\Application Data\ElevatedDiagnostics
2011-12-11 23:39 . 2011-12-11 23:39 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-12-11 23:38 . 2011-12-11 23:38 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-12-11 23:38 . 2011-12-11 23:38 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 00:59 . 2011-06-26 06:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-06 23:22 . 2011-09-16 00:26 28760 ----a-w- C:\ScriptFF.dll
2011-12-02 23:40 . 2004-08-10 17:51 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-11-23 13:25 . 2004-08-10 17:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 13:25 . 2004-08-10 17:51 1859584 ----a-w- c:\windows\system32\win32k(2)(2).sys
2011-11-10 09:27 . 2009-04-07 23:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-01 16:07 . 2004-08-10 17:51 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 16:07 . 2004-08-10 17:51 1288704 ----a-w- c:\windows\system32\ole32(3)(3).dll
2011-10-28 05:31 . 2004-08-10 17:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-28 05:31 . 2004-08-10 17:50 33280 ----a-w- c:\windows\system32\csrsrv(2)(2).dll
2011-10-25 13:33 . 2004-08-10 17:51 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 03:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-10 17:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-11-12 22:32 . 2011-09-19 22:29 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 19:01 . 2010-05-18 23:46 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-28_22.22.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 06:02 . 2009-07-12 06:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-12-30 04:26 . 2011-12-30 04:26 16384 c:\windows\temp\Perflib_Perfdata_76c.dat
- 2007-01-29 08:58 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2007-01-29 08:58 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
- 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2011-12-29 01:45 . 2011-12-29 01:45 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2011-11-23 09:02 . 2011-11-23 09:02 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-12-29 04:43 . 2011-12-29 04:43 25214 c:\windows\Installer\{7D15B945-2725-4443-AB3F-D900556612FE}\_6FEFF9B68218417F98F549.exe
+ 2009-07-12 06:02 . 2009-07-12 06:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-04-28 20:16 . 2011-12-29 02:18 260640 c:\windows\system32\FNTCACHE.DAT
- 2010-04-28 20:16 . 2011-12-25 00:25 260640 c:\windows\system32\FNTCACHE.DAT
- 2004-08-10 17:51 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
+ 2004-08-10 17:51 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
+ 2011-12-29 05:00 . 2011-12-29 05:00 219648 c:\windows\Installer\7068d.msi
+ 2011-12-29 04:42 . 2011-12-29 04:42 261632 c:\windows\Installer\408f8.msi
+ 2009-07-12 06:02 . 2009-07-12 06:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-02-09 11:13 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-10 17:51 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
- 2009-04-15 06:14 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-15 06:14 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-15 06:14 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-04-15 06:14 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 00:02 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-04-15 06:14 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-04-15 06:14 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2011-11-01 19:34 . 2011-11-01 19:34 2247168 c:\windows\Installer\2bab6a.msp
+ 2011-11-01 19:34 . 2011-11-01 19:34 2531840 c:\windows\Installer\2bab60.msp
- 2011-10-07 21:55 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2011-10-07 21:55 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2011-10-07 21:55 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2011-10-07 21:55 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2011-10-07 21:55 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2011-10-07 21:55 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2011-10-07 21:55 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2011-10-07 21:55 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-04 00:56 . 2011-12-29 01:45 52988224 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2011-11-24 6497592]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-06 67128]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-12-20 2696512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-22 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-17 98304]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-11 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-6 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-5-1 450560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=fxscover.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Tmntsrv"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"PcCtlCom"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"aawservice"=2 (0x2)
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"53:UDP"= 53:UDP:Promo
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/28/2011 11:00 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/28/2011 11:00 PM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/28/2011 11:00 PM 20568]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/28/2011 5:25 PM 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/28/2011 5:25 PM 20464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2011 8:31 PM 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2011 8:31 PM 136176]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-09 02:31]
.
2011-12-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1912649743-2128827580-1748673051-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 22:14]
.
2011-12-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1912649743-2128827580-1748673051-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 22:14]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 97.64.209.36 97.64.168.13
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\HELEN\Application Data\Mozilla\Firefox\Profiles\ujrlj6ky.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.facebook.com
pref(dom.disable_open_during_load, false);FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-29 22:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-12-29 22:53:08
ComboFix-quarantined-files.txt 2011-12-30 04:53
ComboFix2.txt 2011-12-28 23:03
ComboFix3.txt 2009-10-11 19:25
ComboFix4.txt 2009-10-11 18:03
ComboFix5.txt 2011-12-30 04:32
.
Pre-Run: 72,782,868,480 bytes free
Post-Run: 72,818,417,664 bytes free
.
- - End Of File - - B23C3D028CE3785B424CD957AFB63788
  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
I need you to turn on the services too:

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Tmntsrv"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"PcCtlCom"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"aawservice"=2 (0x2)
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)

Then run Combofix one more time
  • 0

#20
JustinLeeA25

JustinLeeA25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
This might be a dumb question, but how do I turn them on? Do I just go to Services under Administrative Tools in the Control panel and start the ones you specified or do I need to do something else?

Thanks.
  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Start, Run, msconfig, OK Then click on the Services tab and check all the ones that are not checked then OK and reboot.
  • 0

#22
JustinLeeA25

JustinLeeA25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Okay, I thought that was right, but was making sure. That's what we did before and she just checked and they are all enabled now whereas some were not prior to rebooting and running combofix. I also asked her if some of the services listed in your post were listed on there and she said they were not. Should they be? I can have her restart again and re-run combofix, but I know we did it the first time around. Observations?
  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
I'm just going by what combofix sees. When you run msconfig on the front page is a button Normal Startup. If you click that and apply and reboot it should load all services.

Then run Combofix so I can see what needs to be removed. When things are in msconfig and you uninstall them they get left behind.
  • 0

#24
JustinLeeA25

JustinLeeA25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I just had her make sure Normal startup was selected. I will have her make sure they are all checked one more time and re-scan with combofix just to make sure and will hope it is just a fluke.

Thanks
  • 0

#25
JustinLeeA25

JustinLeeA25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Also, is she supposed to see those programs being represented under services? For example, I know pcctlcom and tmntsrv belong to Trend Micro, but there's nothing that pertains to those files or Trend Micro in services.
  • 0

Advertisements


#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Just run combofix with msconfig set to Normal startup and it should work. The entries may be gone so you don't see them in services in which case combofix will clean them out for us.
  • 0

#27
JustinLeeA25

JustinLeeA25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Here is the ComboFix file. Hopefully this one is right.

ComboFix 11-12-29.05 - HELEN 12/30/2011 0:45.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.649 [GMT -6:00]
Running from: c:\documents and settings\HELEN\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Trend Micro Internet Security *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-29 05:00 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-29 05:00 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-29 05:00 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-29 05:00 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-29 05:00 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-29 05:00 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-12-29 05:00 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-12-29 05:00 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-12-29 05:00 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-29 05:00 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-29 05:00 . 2011-12-29 05:00 -------- d-----w- c:\program files\AVAST Software
2011-12-29 05:00 . 2011-12-29 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-12-29 04:42 . 2011-12-29 04:43 -------- d-----w- c:\program files\UPHClean
2011-12-28 23:56 . 2011-12-28 23:56 -------- d-----w- C:\_OTL
2011-12-28 23:25 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-27 15:25 . 2011-11-10 11:54 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-12-27 15:25 . 2011-11-10 11:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-27 04:23 . 2011-12-27 04:30 -------- d-----w- c:\documents and settings\HELEN\Application Data\PerformerSoft
2011-12-27 04:23 . 2011-12-03 00:04 17464 ----a-w- c:\windows\system32\roboot.exe
2011-12-25 00:24 . 2011-12-25 00:24 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-25 00:21 . 2011-12-28 23:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-25 00:20 . 2011-12-25 00:20 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-12-25 00:20 . 2011-12-25 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2011-12-25 00:20 . 2011-12-25 00:20 -------- d-----w- c:\documents and settings\HELEN\Local Settings\Application Data\Yahoo!
2011-12-25 00:18 . 2011-12-25 00:18 -------- d-----w- c:\windows\LastGood(2)
2011-12-24 22:38 . 2011-12-24 22:38 -------- d--h--w- c:\program files\Creative Installation Information
2011-12-24 22:38 . 2011-12-24 22:38 -------- d-----w- c:\program files\Common Files\Creative
2011-12-24 21:11 . 2011-12-24 21:11 4796 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-12-17 01:59 . 2011-12-24 23:44 -------- d-----w- c:\program files\Common Files\McAfee(5)
2011-12-16 18:55 . 2011-12-25 00:13 -------- d-----w- c:\program files\Common Files\McAfee(4)
2011-12-16 15:49 . 2011-12-25 00:19 -------- d-----w- c:\program files\McAfee Online Backup(2)
2011-12-16 15:47 . 2011-12-25 00:19 -------- d-----w- c:\program files\McAfee(3).com
2011-12-16 14:53 . 2011-12-16 14:55 -------- d-----w- C:\20111216085337-378490387
2011-12-16 14:53 . 2011-12-16 14:53 -------- d-----w- C:\Archive
2011-12-16 04:48 . 2011-12-25 00:22 -------- d-----w- c:\program files\Common Files\McAfee(3)
2011-12-12 02:11 . 2011-12-12 02:11 -------- d-----w- c:\documents and settings\HELEN\Application Data\ElevatedDiagnostics
2011-12-11 23:39 . 2011-12-11 23:39 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-12-11 23:38 . 2011-12-11 23:38 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-12-11 23:38 . 2011-12-11 23:38 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 00:59 . 2011-06-26 06:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-06 23:22 . 2011-09-16 00:26 28760 ----a-w- C:\ScriptFF.dll
2011-12-02 23:40 . 2004-08-10 17:51 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-11-23 13:25 . 2004-08-10 17:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 13:25 . 2004-08-10 17:51 1859584 ----a-w- c:\windows\system32\win32k(2)(2).sys
2011-11-10 09:27 . 2009-04-07 23:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-01 16:07 . 2004-08-10 17:51 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 16:07 . 2004-08-10 17:51 1288704 ----a-w- c:\windows\system32\ole32(3)(3).dll
2011-10-28 05:31 . 2004-08-10 17:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-28 05:31 . 2004-08-10 17:50 33280 ----a-w- c:\windows\system32\csrsrv(2)(2).dll
2011-10-25 13:33 . 2004-08-10 17:51 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 03:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-10 17:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-11-12 22:32 . 2011-09-19 22:29 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 19:01 . 2010-05-18 23:46 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-30_04.49.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-30 05:36 . 2011-12-30 05:36 16384 c:\windows\temp\Perflib_Perfdata_168.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2011-11-24 6497592]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-06 67128]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-12-20 2696512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-22 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-17 98304]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-11 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=fxscover.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Tmntsrv"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"PcCtlCom"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"aawservice"=2 (0x2)
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"53:UDP"= 53:UDP:Promo
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/28/2011 11:00 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/28/2011 11:00 PM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/28/2011 11:00 PM 20568]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/28/2011 5:25 PM 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/28/2011 5:25 PM 20464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2011 8:31 PM 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2011 8:31 PM 136176]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-09 02:31]
.
2011-12-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1912649743-2128827580-1748673051-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 22:14]
.
2011-12-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1912649743-2128827580-1748673051-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 22:14]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 97.64.209.36 97.64.168.13
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\HELEN\Application Data\Mozilla\Firefox\Profiles\ujrlj6ky.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.facebook.com
pref(dom.disable_open_during_load, false);FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-30 00:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(496)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-30 01:03:48
ComboFix-quarantined-files.txt 2011-12-30 07:03
ComboFix2.txt 2011-12-30 04:53
ComboFix3.txt 2011-12-28 23:03
ComboFix4.txt 2009-10-11 19:25
ComboFix5.txt 2011-12-30 06:43
.
Pre-Run: 72,645,644,288 bytes free
Post-Run: 72,784,748,544 bytes free
.
- - End Of File - - 0C77B108CF608DB6CADE78AE58FB2E42
  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
They are still showing but I think they are orphans so we can forget about the msconfig entries. Everything else is clean so I think we are done.



We need to clean up System Restore.

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 29 or 7 update 1). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not upgdate it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#29
JustinLeeA25

JustinLeeA25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Thanks a bunch! She has graciously offered any of our children as gratuity for your services.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP