Desktop icons don't display. Results of scan [Solved]



#1
LillyNoneya

I picked up a nasty virus or worm somewhere and seemingly cannot dislodge it. The symptoms are:

1. Two fake antivirus programs (XP Security 2011 and MS Tool Remover) constantly executed and attempted to scan.
2. All desktop icons have disappeared.
3. Start menu and taskbar are both visible, but all shortcuts on taskbar have disappeared.
4. Cannot right click desktop to access shortcut menu.
5. The desktop folder (accessed through explorer) changes attributes to hidden (as did all sub-folders).
6. All items in "Start -> All Programs" have disappeared.

I did what was recommended

------------------------------
Extras.txt
--------------------------------
OTL Extras logfile created on: 12/28/2011 4:55:25 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Computers for Youth\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.48 Mb Total Physical Memory | 655.39 Mb Available Physical Memory | 64.54% Memory free
1.64 Gb Paging File | 1.46 Gb Available in Paging File | 89.09% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 78.42 Gb Free Space | 52.62% Space Free | Partition Type: NTFS

Computer Name: COMPUTER-C17A2C | User Name: Computers for Youth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57917:TCP" = 57917:TCP:*:Enabled:Pando Media Booster
"57917:UDP" = 57917:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"57917:TCP" = 57917:TCP:*:Enabled:Pando Media Booster
"57917:UDP" = 57917:UDP:*:Enabled:Pando Media Booster
"1669:TCP" = 1669:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
"67:UDP" = 67:UDP:*:Enabled:DHCP Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{012CE096-06BA-4f46-8E89-0B4F900E7479}" = Adobe Flash Player 10 Plugin
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07043840-8EBE-4287-85D8-8EC76D88B906}" = Microsoft Math 3.0
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{134598AA-6449-4D46-881D-7F5E858E2121}" = Super Star Language Arts Review 3a - Advanced Level
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2DE2AB70-FC1B-40DC-BFFA-1027A258971E}" = Digital Lifestyles
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B23DF51-DB1D-4083-BC33-672B5FC424C5}" = tazti
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5CBEC8A5-7463-45A6-9C1E-890A3854BE39}" = The Internet and the World Wide Web
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{703FC30C-4435-4971-A296-9277ED5BFD22}" = calibre
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Antivirus
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C541157F-6CE9-4DD5-A67A-CE9ADB916ED9}" = Immune Attack
"{C61177FD-37C4-4C5F-BE6C-E04A8AC399B6}" = EclipseCrossword
"{C79529D5-58F2-43CD-960D-C62BDC47F06F}" = Productivity Programs
"{C8735054-1960-402A-BDF3-C6B4DC29E75C}" = WebbIE and Accessible Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBA0AA4C-D630-43BA-AF37-0F80A0EC300C}" = Computer Security and Privacy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E739A5A3-DEE2-4771-B48D-5AEC18402CFD}" = Computer Basics
"{E960C31B-B5B5-43BB-A0E6-A413FBC0BDAA}" = VIPRE Antivirus
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Alice in Vivaldi's Four Seasons_is1" = Alice in Vivaldi's Four Seasons 1.1.1
"Audacity_is1" = Audacity 1.2.6
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BASICR" = Microsoft Office Basic 2007
"Celestia_is1" = Celestia 1.6.0
"Google Updater" = Google Updater
"Icon Restore_is1" = Icon Restore 1.0
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.47
"LHTTSSPE" = L&H TTS3000 Español
"MapleStory" = MapleStory
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MuseScore" = MuseScore 0.9.6.1 MuseScore score typesetter
"NortonPCCheckup" = Norton PC Checkup
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Network Connections Drivers
"Resilient Planet Game" = Resilient Planet Game
"Scratch" = Scratch
"TuxMath" = Tux of Math Command (remove only)
"Virtual Magnifying Glass_is1" = Virtual Magnifying Glass v3.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/21/2011 5:59:26 PM | Computer Name = COMPUTER-C17A2C | Source = Application Error | ID = 1000
Description = Faulting application officelivesignin.exe, version 2.0.2313.0, faulting
module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.

Error - 12/21/2011 11:30:43 PM | Computer Name = COMPUTER-C17A2C | Source = Application Error | ID = 1000
Description = Faulting application officelivesignin.exe, version 2.0.2313.0, faulting
module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.

Error - 12/22/2011 9:15:46 AM | Computer Name = COMPUTER-C17A2C | Source = Application Error | ID = 1000
Description = Faulting application officelivesignin.exe, version 2.0.2313.0, faulting
module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.

Error - 12/22/2011 9:37:40 AM | Computer Name = COMPUTER-C17A2C | Source = Application Error | ID = 1000
Description = Faulting application officelivesignin.exe, version 2.0.2313.0, faulting
module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.

Error - 12/23/2011 4:25:46 AM | Computer Name = COMPUTER-C17A2C | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BB from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 12/23/2011 4:25:46 AM | Computer Name = COMPUTER-C17A2C | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BB from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 12/27/2011 10:57:52 PM | Computer Name = COMPUTER-C17A2C | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 10152, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 12/27/2011 10:57:52 PM | Computer Name = COMPUTER-C17A2C | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 12/27/2011 10:57:55 PM | Computer Name = COMPUTER-C17A2C | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 10152, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 12/28/2011 1:46:41 PM | Computer Name = COMPUTER-C17A2C | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/28/2011 5:52:36 PM | Computer Name = COMPUTER-C17A2C | Source = Service Control Manager | ID = 7034
Description = The Advanced SystemCare Service 5 service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/28/2011 5:52:36 PM | Computer Name = COMPUTER-C17A2C | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/28/2011 5:52:36 PM | Computer Name = COMPUTER-C17A2C | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/28/2011 5:52:36 PM | Computer Name = COMPUTER-C17A2C | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 12/28/2011 5:52:36 PM | Computer Name = COMPUTER-C17A2C | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/28/2011 5:52:36 PM | Computer Name = COMPUTER-C17A2C | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 12/28/2011 5:52:36 PM | Computer Name = COMPUTER-C17A2C | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.

Error - 12/28/2011 5:52:36 PM | Computer Name = COMPUTER-C17A2C | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/28/2011 5:56:25 PM | Computer Name = COMPUTER-C17A2C | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 12/28/2011 5:56:25 PM | Computer Name = COMPUTER-C17A2C | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5


< End of report >

---------------------
OTL.Txt
----------------------

OTL logfile created on: 12/28/2011 4:55:25 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Computers for Youth\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.48 Mb Total Physical Memory | 655.39 Mb Available Physical Memory | 64.54% Memory free
1.64 Gb Paging File | 1.46 Gb Available in Paging File | 89.09% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 78.42 Gb Free Space | 52.62% Space Free | Partition Type: NTFS

Computer Name: COMPUTER-C17A2C | User Name: Computers for Youth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/28 16:53:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Computers for Youth\My Documents\Downloads\OTL.scr
PRC - [2008/08/21 07:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WSearch)
SRV - File not found [Auto | Stopped] -- -- (srvF14)
SRV - File not found [Auto | Stopped] -- -- (SBPIMSvc)
SRV - File not found [Auto | Stopped] -- -- (SBAMSvc)
SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
SRV - File not found [Auto | Stopped] -- -- (MyWebSearchService)
SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - [2011/11/10 19:23:52 | 000,490,840 | -H-- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/08/14 11:12:31 | 003,542,616 | -H-- | M] () [Auto | Stopped] -- C:/Program Files/Common Files/Akamai/netsession_win_2da1ebd.dll -- (Akamai)


========== Driver Services (SafeList) ==========

DRV - [2010/04/28 06:44:02 | 000,054,760 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/04/01 09:33:16 | 000,134,272 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 B1 D5 C8 81 C5 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft..../?LinkId=69157"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.2.100008
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312
FF - prefs.js..keyword.URL: "http://websearch.ask...=YYYYYYYYUS&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/08/20 11:55:09 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/27 10:42:48 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/28 12:05:33 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/13 20:18:59 | 000,000,000 | -H-D | M]

[2010/08/20 12:26:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Computers for Youth\Application Data\Mozilla\Extensions
[2011/11/13 21:10:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Computers for Youth\Application Data\Mozilla\Firefox\Profiles\7v9qyl21.default\extensions
[2011/04/13 22:12:30 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Computers for Youth\Application Data\Mozilla\Firefox\Profiles\7v9qyl21.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/06 06:13:50 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Documents and Settings\Computers for Youth\Application Data\Mozilla\Firefox\Profiles\7v9qyl21.default\extensions\[email protected]
[2011/05/01 12:15:21 | 000,000,000 | -H-D | M] (Search Toolbar) -- C:\Documents and Settings\Computers for Youth\Application Data\Mozilla\Firefox\Profiles\7v9qyl21.default\extensions\[email protected]
[2011/11/11 13:04:06 | 000,002,578 | -H-- | M] () -- C:\Documents and Settings\Computers for Youth\Application Data\Mozilla\Firefox\Profiles\7v9qyl21.default\searchplugins\askcom.xml
[2011/07/04 16:11:18 | 000,001,819 | -H-- | M] () -- C:\Documents and Settings\Computers for Youth\Application Data\Mozilla\Firefox\Profiles\7v9qyl21.default\searchplugins\bing.xml
[2011/05/21 00:37:05 | 000,009,932 | -H-- | M] () -- C:\Documents and Settings\Computers for Youth\Application Data\Mozilla\Firefox\Profiles\7v9qyl21.default\searchplugins\mywebsearch.xml
[2011/12/28 12:05:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/12 23:32:23 | 000,000,000 | -H-D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/08/19 14:32:22 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/12/21 02:24:52 | 000,121,816 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/08/19 14:32:22 | 000,423,656 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 23:30:41 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/03/23 15:28:12 | 000,002,024 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/12/20 23:30:41 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Computers for Youth\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Computers for Youth\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Computers for Youth\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Computers for Youth\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\WINDOWS\system32\TVUAx\npTVUAx.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2008/08/21 07:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [jdiNQqhyasYS.exe] C:\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1282155563514 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 188.229.89.121
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48CEDB26-B912-45F3-B189-2322C18C6BA5}: DhcpNameServer = 188.229.89.121
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48CEDB26-B912-45F3-B189-2322C18C6BA5}: NameServer = 8.8.8.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Computers for Youth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Computers for Youth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/18 13:06:29 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bf7f88f5-b05e-11df-9633-000bcd650892}\Shell - "" = AutoRun
O33 - MountPoints2\{bf7f88f5-b05e-11df-9633-000bcd650892}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bf7f88f5-b05e-11df-9633-000bcd650892}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: srvF14 - File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 16:51:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Computers for Youth\Recent
[2011/12/28 16:14:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Computers for Youth\Desktop\Unused Desktop Shortcuts.{D426CFD0-87FC-4906-98D9-A23F5D515D61}
[2011/12/28 16:14:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Computers for Youth\Desktop\Unused Desktop Shortcuts.{C291A080-B400-4E34-AE3F-3D2B9637D56C}
[2011/12/28 16:14:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Computers for Youth\Desktop\Unused Desktop Shortcuts.{1F43A58C-EA28-43E6-9EC4-34574A16EBB7}
[2011/12/28 16:14:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Computers for Youth\Desktop\Unused Desktop Shortcuts.{13E7F612-F261-4391-BEA2-39DF4F3FA311}
[2011/12/28 16:14:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Computers for Youth\Desktop\Unused Desktop Shortcuts
[2011/12/28 15:33:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Computers for Youth\Start Menu\Programs\System Fix
[2011/12/28 14:26:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 5
[2011/12/28 14:26:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Computers for Youth\Application Data\IObit
[2011/12/24 13:58:28 | 000,000,000 | -HSD | C] -- C:\found.003
[2011/12/24 00:50:22 | 000,330,752 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\LocalService\Local Settings\Application Data\pad.exe
[2011/12/24 00:50:16 | 000,330,752 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\LocalService\Local Settings\Application Data\jnr.exe
[2011/12/20 10:35:39 | 000,000,000 | -HSD | C] -- C:\found.002
[2011/12/14 23:38:08 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Spigot
[2011/12/14 23:38:08 | 000,000,000 | -H-D | C] -- C:\Program Files\IObit Toolbar
[2011/12/14 23:38:08 | 000,000,000 | -H-D | C] -- C:\Program Files\Application Updater
[2011/12/14 23:38:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/12/12 00:09:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2011/11/29 16:18:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nexon
[2011/11/29 15:52:51 | 000,414,368 | -H-- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2010/09/09 10:06:25 | 000,947,592 | -H-- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2010/08/20 12:00:27 | 000,114,688 | -H-- | C] (Sensory Software) -- C:\Program Files\DwellClick.exe
[80 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[32 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/28 16:57:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E7F35ED4-816B-4785-A811-18E380C7863C}.job
[2011/12/28 16:55:00 | 000,000,978 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2672271832-2722486909-231842741-1009UA.job
[2011/12/28 16:55:00 | 000,000,926 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2672271832-2722486909-231842741-1009Core.job
[2011/12/28 16:53:00 | 000,001,034 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2672271832-2722486909-231842741-1004UA.job
[2011/12/28 16:46:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/28 16:42:22 | 000,000,304 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~vFWDdvkgN0jL0y
[2011/12/28 16:42:22 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~vFWDdvkgN0jL0yr
[2011/12/28 16:42:14 | 000,000,849 | -H-- | M] () -- C:\Documents and Settings\Computers for Youth\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/28 16:42:05 | 000,012,598 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/28 16:41:49 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/12/28 16:41:35 | 000,000,270 | -H-- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/12/28 16:41:32 | 000,000,908 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 16:41:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/28 15:38:00 | 000,000,912 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/28 15:35:56 | 000,000,440 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\vFWDdvkgN0jL0y
[2011/12/28 15:33:08 | 000,000,831 | -H-- | M] () -- C:\Documents and Settings\Computers for Youth\Desktop\System Fix.lnk
[2011/12/28 15:32:57 | 000,356,608 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\vFWDdvkgN0jL0y.exe
[2011/12/28 13:53:00 | 000,000,982 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2672271832-2722486909-231842741-1004Core.job
[2011/12/28 11:56:36 | 000,000,353 | -H-- | M] () -- C:\Documents and Settings\Computers for Youth\Desktop\My Documents (2).lnk
[2011/12/28 00:04:47 | 000,451,328 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe
[2011/12/27 21:57:55 | 000,553,112 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/27 21:57:55 | 000,102,160 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/27 21:33:56 | 000,015,024 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\758011749
[2011/12/27 21:33:54 | 000,015,012 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1423162062
[2011/12/27 21:23:29 | 000,014,440 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4qbtm05ks6ow7gqaf71oi624757b1a8272uu63sh70n21
[2011/12/24 01:01:40 | 000,000,440 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\WVYMljTON0PORV
[2011/12/24 00:58:48 | 000,000,296 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~WVYMljTON0PORV
[2011/12/12 15:42:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/11/29 15:52:51 | 000,414,368 | -H-- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[80 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[32 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/28 16:42:13 | 000,000,849 | -H-- | C] () -- C:\Documents and Settings\Computers for Youth\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/28 15:33:10 | 000,000,304 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~vFWDdvkgN0jL0y
[2011/12/28 15:33:10 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~vFWDdvkgN0jL0yr
[2011/12/28 15:33:08 | 000,000,831 | -H-- | C] () -- C:\Documents and Settings\Computers for Youth\Desktop\System Fix.lnk
[2011/12/28 15:33:03 | 000,000,440 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\vFWDdvkgN0jL0y
[2011/12/28 15:32:57 | 000,356,608 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\vFWDdvkgN0jL0y.exe
[2011/12/28 11:56:22 | 000,000,353 | -H-- | C] () -- C:\Documents and Settings\Computers for Youth\Desktop\My Documents (2).lnk
[2011/12/28 00:07:48 | 000,451,328 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe
[2011/12/25 15:35:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/24 13:31:44 | 000,000,664 | -H-- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2011/12/24 00:56:04 | 000,015,024 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\758011749
[2011/12/24 00:56:04 | 000,015,012 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1423162062
[2011/12/24 00:56:00 | 000,014,440 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4qbtm05ks6ow7gqaf71oi624757b1a8272uu63sh70n21
[2011/12/24 00:50:25 | 000,014,440 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4qbtm05ks6ow7gqaf71oi624757b1a8272uu63sh70n21
[2011/12/24 00:50:25 | 000,014,438 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\4qbtm05ks6ow7gqaf71oi624757b1a8272uu63sh70n21
[2011/12/18 16:50:08 | 000,000,978 | -H-- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2672271832-2722486909-231842741-1009UA.job
[2011/12/18 16:50:07 | 000,000,926 | -H-- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2672271832-2722486909-231842741-1009Core.job
[2011/11/17 03:31:53 | 000,007,168 | -H-- | C] () -- C:\WINDOWS\System32\0.26312037030491475.exe
[2011/11/13 20:27:29 | 000,000,272 | -H-- | C] () -- C:\WINDOWS\reimage.ini
[2011/11/12 23:52:25 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6yku2or3gLawipr
[2011/11/12 23:52:24 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6yku2or3gLawip
[2011/11/12 23:51:51 | 000,000,456 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6yku2or3gLawip
[2011/11/12 23:51:45 | 000,339,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6yku2or3gLawip.exe
[2011/11/12 13:09:11 | 000,000,320 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~uhlBGvazJ5syc1
[2011/11/12 13:09:11 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~uhlBGvazJ5syc1r
[2011/11/12 13:08:45 | 000,000,456 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\uhlBGvazJ5syc1
[2011/11/12 13:08:40 | 000,339,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\uhlBGvazJ5syc1.exe
[2011/11/12 12:38:28 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~WVYMljTON0PORV
[2011/11/12 12:38:28 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~WVYMljTON0PORVr
[2011/11/12 12:37:28 | 000,000,440 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\WVYMljTON0PORV
[2011/11/12 12:37:16 | 000,339,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\WVYMljTON0PORV.exe
[2011/11/12 12:03:41 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~gXw4jw65ar9IXr
[2011/11/12 12:03:41 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~gXw4jw65ar9IXrr
[2011/11/12 12:03:13 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gXw4jw65ar9IXr
[2011/11/12 12:03:07 | 000,339,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gXw4jw65ar9IXr.exe
[2011/11/12 11:50:57 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~tsTMVuEQnFcuX2
[2011/11/12 11:50:57 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~tsTMVuEQnFcuX2r
[2011/11/12 11:50:28 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\tsTMVuEQnFcuX2
[2011/11/12 11:50:21 | 000,339,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\tsTMVuEQnFcuX2.exe
[2011/11/09 16:22:11 | 000,007,077 | -H-- | C] () -- C:\WINDOWS\System32\0.48849068804336193.exe
[2011/11/08 23:22:12 | 000,007,077 | -H-- | C] () -- C:\WINDOWS\System32\0.8999829916972143.exe
[2011/11/08 23:22:06 | 000,006,794 | -H-- | C] () -- C:\WINDOWS\System32\0.24240498245311215.exe
[2011/11/08 23:22:04 | 000,007,077 | -H-- | C] () -- C:\WINDOWS\System32\0.37253941705508664.exe
[2011/11/08 23:22:04 | 000,006,793 | -H-- | C] () -- C:\WINDOWS\System32\0.17307882794614238.exe
[2011/11/08 23:21:48 | 000,007,077 | -H-- | C] () -- C:\WINDOWS\System32\0.25731937764379564.exe
[2011/11/08 23:21:46 | 000,006,793 | -H-- | C] () -- C:\WINDOWS\System32\0.4123662729943822.exe
[2011/06/24 11:06:51 | 000,012,920 | -H-- | C] () -- C:\WINDOWS\System32\apl001.sys
[2011/06/24 11:06:51 | 000,010,872 | -H-- | C] () -- C:\WINDOWS\System32\apf001.sys
[2011/06/06 05:29:01 | 021,235,680 | -H-- | C] () -- C:\Program Files\pal_install_a729_r1100.exe
[2011/04/26 13:01:58 | 000,013,312 | -H-- | C] () -- C:\Documents and Settings\Computers for Youth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 15:03:58 | 000,013,926 | -HS- | C] () -- C:\Documents and Settings\Computers for Youth\Local Settings\Application Data\mkr47m65w2qjrle7256w0m1xaj2e3
[2011/03/23 15:03:58 | 000,013,926 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mkr47m65w2qjrle7256w0m1xaj2e3
[2010/09/21 14:39:34 | 000,414,218 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2672271832-2722486909-231842741-1004-0.dat
[2010/09/15 17:05:26 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2010/09/14 08:53:53 | 000,728,040 | -H-- | C] () -- C:\Program Files\k9-webprotection-32.exe
[2010/09/08 14:37:37 | 000,139,152 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/08 12:43:15 | 000,000,093 | -H-- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2010/08/30 18:13:59 | 000,000,678 | -H-- | C] () -- C:\WINDOWS\unins000.dat
[2010/08/27 10:46:13 | 000,878,816 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-507921405-1004336348-1644491937-1004-0.dat
[2010/08/27 10:46:11 | 000,184,726 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/08/25 14:49:09 | 000,000,008 | -H-- | C] () -- C:\WINDOWS\System32\msfffff2b7.dll
[2010/08/25 14:49:08 | 000,045,316 | -H-- | C] () -- C:\WINDOWS\System32\mssusr.dat
[2010/08/25 10:53:49 | 000,000,280 | -H-- | C] () -- C:\Program Files\dragit.110
[2010/08/20 12:26:04 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/20 09:16:15 | 000,004,096 | -H-- | C] () -- C:\WINDOWS\d3dx.dat
[2010/08/18 13:09:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/18 13:02:52 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/18 08:49:59 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/18 08:48:31 | 000,163,528 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 14:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/08/21 07:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/08/21 07:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/08/21 07:00:00 | 000,553,112 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/08/21 07:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/08/21 07:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/08/21 07:00:00 | 000,102,160 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/08/21 07:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/08/21 07:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/08/21 07:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/08/21 07:00:00 | 000,004,461 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/08/21 07:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/08/21 07:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/08/21 07:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/08/21 07:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2011/12/28 16:52:10 | 000,737,055 | ---- | M] () MD5=E9D1F355A561D781831EDC2839F2057B -- C:\Documents and Settings\Computers for Youth\My Documents\Downloads\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/08/21 07:00:00 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/08/21 07:00:00 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/08/21 07:00:00 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/08/21 07:00:00 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/08/21 07:00:00 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/08/21 07:00:00 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/21 02:24:52 | 000,715,216 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/21 02:24:52 | 000,715,216 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/21 02:24:52 | 000,715,216 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/21 02:24:51 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/21 02:24:51 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/21 02:24:51 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 07:05:37 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 07:05:37 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 07:05:37 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\WebbIE3.exe\shell\open\command\\: "C:\Program Files\WebbIE\WEBBIE3.EXE" "%1"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\WebbIE3.exe\SOFTWARE\Clients\StartMenuInternet\WebbIE3.exe\InstallInfo\\HideIconsCommand: C:\Program Files\WebbIE\WebbIEMakeDefaultBrowser.exe -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\WebbIE3.exe\SOFTWARE\Clients\StartMenuInternet\WebbIE3.exe\InstallInfo\\ReinstallCommand: C:\Program Files\WebbIE\WebbIEMakeDefaultBrowser.exe -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\WebbIE3.exe\SOFTWARE\Clients\StartMenuInternet\WebbIE3.exe\InstallInfo\\ShowIconsCommand: C:\Program Files\WebbIE\WebbIEMakeDefaultBrowser.exe -show

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Computers for Youth\My Documents\VID00006.mp4:SummaryInformation

< End of report >







After running the scan the spam of pop-ups stopped, but I'm still having trouble right-clicking the desktop and having the icons appear on it.


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's clobber this for you.

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Re-run RogueKiller

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

NEXT

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (MyWebSearchService)
    O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [jdiNQqhyasYS.exe] C:\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    O33 - MountPoints2\{bf7f88f5-b05e-11df-9633-000bcd650892}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
    [2011/12/28 15:33:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Computers for Youth\Start Menu\Programs\System Fix
    [2011/12/24 00:50:22 | 000,330,752 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\LocalService\Local Settings\Application Data\pad.exe
    [2011/12/24 00:50:16 | 000,330,752 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\LocalService\Local Settings\Application Data\jnr.exe
    [2011/12/28 16:42:22 | 000,000,304 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~vFWDdvkgN0jL0y
    [2011/12/28 16:42:22 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~vFWDdvkgN0jL0yr
    [2011/12/28 16:42:14 | 000,000,849 | -H-- | M] () -- C:\Documents and Settings\Computers for Youth\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/12/28 15:35:56 | 000,000,440 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\vFWDdvkgN0jL0y
    [2011/12/28 15:33:08 | 000,000,831 | -H-- | M] () -- C:\Documents and Settings\Computers for Youth\Desktop\System Fix.lnk
    [2011/12/28 15:32:57 | 000,356,608 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\vFWDdvkgN0jL0y.exe
    [2011/12/28 00:04:47 | 000,451,328 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe
    [2011/12/27 21:33:56 | 000,015,024 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\758011749
    [2011/12/27 21:33:54 | 000,015,012 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1423162062
    [2011/12/27 21:23:29 | 000,014,440 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4qbtm05ks6ow7gqaf71oi624757b1a8272uu63sh70n21
    [2011/12/24 01:01:40 | 000,000,440 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\WVYMljTON0PORV
    [2011/12/24 00:58:48 | 000,000,296 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~WVYMljTON0PORV
    [2011/12/28 16:42:13 | 000,000,849 | -H-- | C] () -- C:\Documents and Settings\Computers for Youth\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/12/28 15:33:10 | 000,000,304 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~vFWDdvkgN0jL0y
    [2011/12/28 15:33:10 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~vFWDdvkgN0jL0yr
    [2011/12/28 15:33:08 | 000,000,831 | -H-- | C] () -- C:\Documents and Settings\Computers for Youth\Desktop\System Fix.lnk
    [2011/12/28 15:33:03 | 000,000,440 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\vFWDdvkgN0jL0y
    [2011/12/28 15:32:57 | 000,356,608 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\vFWDdvkgN0jL0y.exe
    [2011/12/28 00:07:48 | 000,451,328 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe
    [2011/12/24 00:56:04 | 000,015,024 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\758011749
    [2011/12/24 00:56:04 | 000,015,012 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1423162062
    [2011/12/24 00:56:00 | 000,014,440 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4qbtm05ks6ow7gqaf71oi624757b1a8272uu63sh70n21
    [2011/12/24 00:50:25 | 000,014,440 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4qbtm05ks6ow7gqaf71oi624757b1a8272uu63sh70n21
    [2011/12/24 00:50:25 | 000,014,438 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\4qbtm05ks6ow7gqaf71oi624757b1a8272uu63sh70n21
    [2011/11/17 03:31:53 | 000,007,168 | -H-- | C] () -- C:\WINDOWS\System32\0.26312037030491475.exe
    [2011/11/12 23:52:25 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6yku2or3gLawipr
    [2011/11/12 23:52:24 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6yku2or3gLawip
    [2011/11/12 23:51:51 | 000,000,456 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6yku2or3gLawip
    [2011/11/12 23:51:45 | 000,339,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6yku2or3gLawip.exe
    [2011/11/12 13:09:11 | 000,000,320 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~uhlBGvazJ5syc1
    [2011/11/12 13:09:11 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~uhlBGvazJ5syc1r
    [2011/11/12 13:08:45 | 000,000,456 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\uhlBGvazJ5syc1
    [2011/11/12 13:08:40 | 000,339,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\uhlBGvazJ5syc1.exe
    [2011/11/12 12:38:28 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~WVYMljTON0PORV
    [2011/11/12 12:38:28 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~WVYMljTON0PORVr
    [2011/11/12 12:37:28 | 000,000,440 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\WVYMljTON0PORV
    [2011/11/12 12:37:16 | 000,339,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\WVYMljTON0PORV.exe
    [2011/11/12 12:03:41 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~gXw4jw65ar9IXr
    [2011/11/12 12:03:41 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~gXw4jw65ar9IXrr
    [2011/11/12 12:03:13 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gXw4jw65ar9IXr
    [2011/11/12 12:03:07 | 000,339,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gXw4jw65ar9IXr.exe
    [2011/11/12 11:50:57 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~tsTMVuEQnFcuX2
    [2011/11/12 11:50:57 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~tsTMVuEQnFcuX2r
    [2011/11/12 11:50:28 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\tsTMVuEQnFcuX2
    [2011/11/12 11:50:21 | 000,339,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\tsTMVuEQnFcuX2.exe
    [2011/11/09 16:22:11 | 000,007,077 | -H-- | C] () -- C:\WINDOWS\System32\0.48849068804336193.exe
    [2011/11/08 23:22:12 | 000,007,077 | -H-- | C] () -- C:\WINDOWS\System32\0.8999829916972143.exe
    [2011/11/08 23:22:06 | 000,006,794 | -H-- | C] () -- C:\WINDOWS\System32\0.24240498245311215.exe
    [2011/11/08 23:22:04 | 000,007,077 | -H-- | C] () -- C:\WINDOWS\System32\0.37253941705508664.exe
    [2011/11/08 23:22:04 | 000,006,793 | -H-- | C] () -- C:\WINDOWS\System32\0.17307882794614238.exe
    [2011/11/08 23:21:48 | 000,007,077 | -H-- | C] () -- C:\WINDOWS\System32\0.25731937764379564.exe
    [2011/11/08 23:21:46 | 000,006,793 | -H-- | C] () -- C:\WINDOWS\System32\0.4123662729943822.exe
    [2011/06/24 11:06:51 | 000,012,920 | -H-- | C] () -- C:\WINDOWS\System32\apl001.sys
    [2011/06/24 11:06:51 | 000,010,872 | -H-- | C] () -- C:\WINDOWS\System32\apf001.sys
    [2011/06/06 05:29:01 | 021,235,680 | -H-- | C] () -- C:\Program Files\pal_install_a729_r1100.exe
    [2011/03/23 15:03:58 | 000,013,926 | -HS- | C] () -- C:\Documents and Settings\Computers for Youth\Local Settings\Application Data\mkr47m65w2qjrle7256w0m1xaj2e3
    [2011/03/23 15:03:58 | 000,013,926 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mkr47m65w2qjrle7256w0m1xaj2e3
    [2011/12/28 16:52:10 | 000,737,055 | ---- | M] () MD5=E9D1F355A561D781831EDC2839F2057B -- C:\Documents and Settings\Computers for Youth\My Documents\Downloads\explorer.exe

    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

AND FINALLY

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double-click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop, and post it in your next reply.


#3
LillyNoneya

RogueKiller V6.2.1 [12/28/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Computers for Youth [Admin rights]
Mode: Remove -- Date : 12/28/2011 18:32:24

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : jdiNQqhyasYS.exe (C:\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> DELETED
[HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> DELETED
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Documents and Settings\Computers for Youth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 532597f27462f1f698bf3b3048db0d33
[BSP] e4e58bc0c06ec35cd56b43e40f228e1b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 160038 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 3c5b168d97938eb47eb84b247b23965b
[BSP] dd17163e5637617fdf0b12e8590ea999 : MaxSS MBR Code!
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 160038 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt

#4
LillyNoneya


RogueKiller V6.2.1 [12/28/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Computers for Youth [Admin rights]
Mode: Shortcuts HJfix -- Date : 12/28/2011 18:45:26

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 176 / Fail 0
Quick launch: Success 5 / Fail 0
Programs: Success 52785 / Fail 0
Start menu: Success 84 / Fail 0
User folder: Success 6355 / Fail 0
My documents: Success 237 / Fail 0
My favorites: Success 12 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 157717 / Fail 0
Backup: [FOUND] Success 16 / Fail 1

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#5
LillyNoneya

OTL logfile created on: 12/28/2011 7:50:31 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Computers for Youth\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.48 Mb Total Physical Memory | 627.04 Mb Available Physical Memory | 61.75% Memory free
1.64 Gb Paging File | 1.35 Gb Available in Paging File | 82.28% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 82.54 Gb Free Space | 55.38% Space Free | Partition Type: NTFS

Computer Name: COMPUTER-C17A2C | User Name: Computers for Youth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/28 18:11:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Computers for Youth\Desktop\OTL(1).scr
PRC - [2011/12/04 12:58:22 | 003,082,320 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/11/12 10:42:50 | 001,647,448 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/05/30 22:32:12 | 000,350,576 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Silverlight\4.0.60531.0\Silverlight.Configuration.exe
PRC - [2008/08/21 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/04 12:58:22 | 003,082,320 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/08/21 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/08/21 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WSearch)
SRV - File not found [Auto | Stopped] -- -- (srvF14)
SRV - File not found [Auto | Stopped] -- -- (SBPIMSvc)
SRV - File not found [Auto | Stopped] -- -- (SBAMSvc)
SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/08/14 11:12:31 | 003,542,616 | ---- | M] () [Auto | Stopped] -- C:/Program Files/Common Files/Akamai/netsession_win_2da1ebd.dll -- (Akamai)


========== Driver Services (SafeList) ==========

DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/04/01 09:33:16 | 000,134,272 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 B1 D5 C8 81 C5 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft..../?LinkId=69157"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.2.100008
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312
FF - prefs.js..keyword.URL: "http://websearch.ask...=YYYYYYYYUS&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/08/20 11:55:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/27 10:42:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/28 12:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/13 20:18:59 | 000,000,000 | ---D | M]

[2010/08/20 12:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Computers for Youth\Application Data\Mozilla\Extensions
[2011/11/13 21:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Computers for Youth\Application Data\Mozilla\Firefox\Profiles\7v9qyl21.default\extensions
[2011/04/13 22:12:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Computers for Youth\Application Data\Mozilla\Firefox\Profiles\7v9qyl21.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/06 06:13:50 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Computers for Youth\Application Data\Mozilla\Firefox\Profiles\7v9qyl21.default\extensions\[email protected]
[2011/05/01 12:15:21 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Computers for Youth\Application Data\Mozilla\Firefox\Profiles\7v9qyl21.default\extensions\[email protected]
[2011/11/11 13:04:06 | 000,002,578 | ---- | M] () -- C:\Documents and Settings\Computers for Youth\Application Data\Mozilla\Firefox\Profiles\7v9qyl21.default\searchplugins\askcom.xml
[2011/07/04 16:11:18 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Computers for Youth\Application Data\Mozilla\Firefox\Profiles\7v9qyl21.default\searchplugins\bing.xml
[2011/05/21 00:37:05 | 000,009,932 | ---- | M] () -- C:\Documents and Settings\Computers for Youth\Application Data\Mozilla\Firefox\Profiles\7v9qyl21.default\searchplugins\mywebsearch.xml
[2011/12/28 12:05:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/12 23:32:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/08/19 14:32:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/08/19 14:32:22 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/03/23 15:28:12 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Computers for Youth\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Computers for Youth\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Computers for Youth\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Computers for Youth\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\WINDOWS\system32\TVUAx\npTVUAx.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/28 18:51:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1282155563514 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 188.229.89.121
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48CEDB26-B912-45F3-B189-2322C18C6BA5}: DhcpNameServer = 188.229.89.121
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48CEDB26-B912-45F3-B189-2322C18C6BA5}: NameServer = 8.8.8.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Computers for Youth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Computers for Youth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/18 13:06:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 18:51:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/28 18:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Learning
[2011/12/28 18:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessible and WebbIE
[2011/12/28 18:31:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computers for Youth\Desktop\RK_Quarantine
[2011/12/28 18:11:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Computers for Youth\Desktop\OTL(1).scr
[2011/12/28 18:06:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Computers for Youth\Recent
[2011/12/28 16:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computers for Youth\Desktop\Unused Desktop Shortcuts.{D426CFD0-87FC-4906-98D9-A23F5D515D61}
[2011/12/28 16:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computers for Youth\Desktop\Unused Desktop Shortcuts.{C291A080-B400-4E34-AE3F-3D2B9637D56C}
[2011/12/28 16:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computers for Youth\Desktop\Unused Desktop Shortcuts.{1F43A58C-EA28-43E6-9EC4-34574A16EBB7}
[2011/12/28 16:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computers for Youth\Desktop\Unused Desktop Shortcuts.{13E7F612-F261-4391-BEA2-39DF4F3FA311}
[2011/12/28 16:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computers for Youth\Desktop\Unused Desktop Shortcuts
[2011/12/28 14:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 5
[2011/12/28 14:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computers for Youth\Application Data\IObit
[2011/12/24 13:58:28 | 000,000,000 | --SD | C] -- C:\found.003
[2011/12/20 10:35:39 | 000,000,000 | --SD | C] -- C:\found.002
[2011/12/14 23:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/12/14 23:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/12/14 23:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/12/14 23:38:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/12/12 00:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2011/11/29 16:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nexon
[2010/09/09 10:06:25 | 000,947,592 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2010/08/20 12:00:27 | 000,114,688 | ---- | C] (Sensory Software) -- C:\Program Files\DwellClick.exe

========== Files - Modified Within 30 Days ==========

[2011/12/28 19:53:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2672271832-2722486909-231842741-1004UA.job
[2011/12/28 19:52:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E7F35ED4-816B-4785-A811-18E380C7863C}.job
[2011/12/28 19:41:37 | 000,012,598 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/28 19:41:35 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/12/28 19:41:34 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 19:41:06 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/12/28 19:40:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/28 19:38:00 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/28 19:24:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/28 18:55:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2672271832-2722486909-231842741-1009UA.job
[2011/12/28 18:51:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/28 18:48:44 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/28 18:11:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Computers for Youth\Desktop\OTL(1).scr
[2011/12/28 16:55:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2672271832-2722486909-231842741-1009Core.job
[2011/12/28 15:33:08 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Computers for Youth\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/28 14:26:48 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/12/28 14:26:48 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Computers for Youth\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 5.lnk
[2011/12/28 14:26:48 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 5.lnk
[2011/12/28 13:53:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2672271832-2722486909-231842741-1004Core.job
[2011/12/28 12:05:54 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Computers for Youth\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/28 12:05:54 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/28 11:56:36 | 000,000,353 | ---- | M] () -- C:\Documents and Settings\Computers for Youth\Desktop\My Documents (2).lnk
[2011/12/27 21:57:55 | 000,553,112 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/27 21:57:55 | 000,102,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/12 15:42:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

========== Files Created - No Company Name ==========

[2011/12/28 18:35:40 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/12/28 18:35:40 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Computers for Youth\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 5.lnk
[2011/12/28 18:35:40 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 5.lnk
[2011/12/28 18:35:40 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Computers for Youth\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/12/28 18:35:40 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Computers for Youth\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/28 18:35:40 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/28 18:35:40 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/28 18:31:22 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/28 16:42:13 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Computers for Youth\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/28 11:56:22 | 000,000,353 | ---- | C] () -- C:\Documents and Settings\Computers for Youth\Desktop\My Documents (2).lnk
[2011/12/25 15:35:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/24 13:31:44 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2011/12/18 16:50:08 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2672271832-2722486909-231842741-1009UA.job
[2011/12/18 16:50:07 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2672271832-2722486909-231842741-1009Core.job
[2011/11/13 20:27:29 | 000,000,272 | -H-- | C] () -- C:\WINDOWS\reimage.ini
[2011/04/26 13:01:58 | 000,013,312 | -H-- | C] () -- C:\Documents and Settings\Computers for Youth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/21 14:39:34 | 000,414,218 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2672271832-2722486909-231842741-1004-0.dat
[2010/09/15 17:05:26 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2010/09/14 08:53:53 | 000,728,040 | ---- | C] () -- C:\Program Files\k9-webprotection-32.exe
[2010/09/08 14:37:37 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/08 12:43:15 | 000,000,093 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2010/08/30 18:13:59 | 000,000,678 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010/08/27 10:46:13 | 000,878,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-507921405-1004336348-1644491937-1004-0.dat
[2010/08/27 10:46:11 | 000,184,726 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/08/25 14:49:09 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\msfffff2b7.dll
[2010/08/25 14:49:08 | 000,045,316 | ---- | C] () -- C:\WINDOWS\System32\mssusr.dat
[2010/08/25 10:53:49 | 000,000,280 | ---- | C] () -- C:\Program Files\dragit.110
[2010/08/20 12:26:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/20 09:16:15 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/08/18 13:09:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/18 13:02:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/18 08:49:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/18 08:48:31 | 000,163,528 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/08/21 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/08/21 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/08/21 07:00:00 | 000,553,112 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/08/21 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/08/21 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/08/21 07:00:00 | 000,102,160 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/08/21 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/08/21 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/08/21 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/08/21 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/08/21 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/08/21 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/08/20 09:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2011/12/28 14:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/11/12 14:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/25 16:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/06/04 19:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/12/11 18:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/08/20 11:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/09 15:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\.minecraft
[2010/08/20 10:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\Blender Foundation
[2010/08/23 09:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\calibre
[2011/10/24 01:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\gtk-2.0
[2010/08/23 15:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\inkscape
[2011/12/28 14:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\IObit
[2010/08/25 10:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\MSNInstaller
[2010/08/20 10:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\MusE
[2010/08/24 08:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\OpenOffice.org
[2011/06/29 15:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\Paltalk
[2010/09/08 12:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\Plogue
[2010/08/23 09:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\Runiter
[2010/08/20 11:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\Sensory
[2010/09/21 14:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\tazti
[2011/04/10 20:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\Tific
[2011/08/20 18:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\tuxmath
[2010/08/24 12:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\WebbIE
[2010/08/20 10:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\Windows Desktop Search
[2010/08/30 17:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Computers for Youth\Application Data\Windows Search
[2011/12/28 19:41:35 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2011/12/28 19:52:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E7F35ED4-816B-4785-A811-18E380C7863C}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Computers for Youth\My Documents\VID00006.mp4:SummaryInformation

< End of report >
  • 0

#6
LillyNoneya

    Member

  • Topic Starter
  • 17 posts
aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-28 20:04:53
-----------------------------
20:04:53.218 OS Version: Windows 5.1.2600 Service Pack 3
20:04:53.218 Number of processors: 1 586 0x401
20:04:53.218 ComputerName: COMPUTER-C17A2C UserName:
20:04:54.656 Initialize success
20:05:25.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:05:25.500 Disk 0 Vendor: Maxtor_4R160L0 RAMB1UU0 Size: 156334MB BusType: 3
20:05:25.500 Device \Driver\atapi -> DriverStartIo 869382e0
20:05:27.500 Disk 0 MBR read successfully
20:05:27.500 Disk 0 MBR scan
20:05:27.515 Disk 0 Windows XP default MBR code found via API
20:05:27.515 Disk 0 unknown MBR code
20:05:27.515 Disk 0 MBR hidden
20:05:27.531 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152624 MB offset 63
20:05:27.531 Disk 0 MBR [possible unknown [email protected]] **ROOTKIT**
20:05:27.531 Disk 0 trace - called modules:
20:05:27.546 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x869384c0]<<
20:05:27.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fd6ab8]
20:05:27.546 3 CLASSPNP.SYS[f78d6fd7] -> nt!IofCallDriver -> \Device\000000c3[0x86d1b2b8]
20:05:27.890 5 ACPI.sys[f77cd620] -> nt!IofCallDriver -> [0x86f8ed98]
20:05:27.890 \Driver\atapi[0x86a27880] -> IRP_MJ_CREATE -> 0x869384c0
20:05:27.890 Scan finished successfully
20:05:38.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Computers for Youth\Desktop\MBR.dat"
20:05:38.250 The log file has been saved successfully to "C:\Documents and Settings\Computers for Youth\Desktop\aswMBR.txt"


20:05:54.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Computers for Youth\Desktop\MBR.dat"
20:05:54.828 The log file has been saved successfully to "C:\Documents and Settings\Computers for Youth\Desktop\aswMBR.txt"


And I guess that's it
  • 0

#7
LillyNoneya

    Member

  • Topic Starter
  • 17 posts

Hi there, let's clobber this for you

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Re-run RogueKiller

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

NEXT

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (MyWebSearchService)
    O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [jdiNQqhyasYS.exe] C:\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    O33 - MountPoints2\{bf7f88f5-b05e-11df-9633-000bcd650892}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
    [2011/12/28 15:33:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Computers for Youth\Start Menu\Programs\System Fix
    [2011/12/24 00:50:22 | 000,330,752 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\LocalService\Local Settings\Application Data\pad.exe
    [2011/12/24 00:50:16 | 000,330,752 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\LocalService\Local Settings\Application Data\jnr.exe
    [2011/12/28 16:42:22 | 000,000,304 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~vFWDdvkgN0jL0y
    [2011/12/28 16:42:22 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~vFWDdvkgN0jL0yr
    [2011/12/28 16:42:14 | 000,000,849 | -H-- | M] () -- C:\Documents and Settings\Computers for Youth\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/12/28 15:35:56 | 000,000,440 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\vFWDdvkgN0jL0y
    [2011/12/28 15:33:08 | 000,000,831 | -H-- | M] () -- C:\Documents and Settings\Computers for Youth\Desktop\System Fix.lnk
    [2011/12/28 15:32:57 | 000,356,608 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\vFWDdvkgN0jL0y.exe
    [2011/12/28 00:04:47 | 000,451,328 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe
    [2011/12/27 21:33:56 | 000,015,024 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\758011749
    [2011/12/27 21:33:54 | 000,015,012 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1423162062
    [2011/12/27 21:23:29 | 000,014,440 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4qbtm05ks6ow7gqaf71oi624757b1a8272uu63sh70n21
    [2011/12/24 01:01:40 | 000,000,440 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\WVYMljTON0PORV
    [2011/12/24 00:58:48 | 000,000,296 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~WVYMljTON0PORV
    [2011/12/28 16:42:13 | 000,000,849 | -H-- | C] () -- C:\Documents and Settings\Computers for Youth\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/12/28 15:33:10 | 000,000,304 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~vFWDdvkgN0jL0y
    [2011/12/28 15:33:10 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~vFWDdvkgN0jL0yr
    [2011/12/28 15:33:08 | 000,000,831 | -H-- | C] () -- C:\Documents and Settings\Computers for Youth\Desktop\System Fix.lnk
    [2011/12/28 15:33:03 | 000,000,440 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\vFWDdvkgN0jL0y
    [2011/12/28 15:32:57 | 000,356,608 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\vFWDdvkgN0jL0y.exe
    [2011/12/28 00:07:48 | 000,451,328 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe
    [2011/12/24 00:56:04 | 000,015,024 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\758011749
    [2011/12/24 00:56:04 | 000,015,012 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1423162062
    [2011/12/24 00:56:00 | 000,014,440 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4qbtm05ks6ow7gqaf71oi624757b1a8272uu63sh70n21
    [2011/12/24 00:50:25 | 000,014,440 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4qbtm05ks6ow7gqaf71oi624757b1a8272uu63sh70n21
    [2011/12/24 00:50:25 | 000,014,438 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\4qbtm05ks6ow7gqaf71oi624757b1a8272uu63sh70n21
    [2011/11/17 03:31:53 | 000,007,168 | -H-- | C] () -- C:\WINDOWS\System32\0.26312037030491475.exe
    [2011/11/12 23:52:25 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6yku2or3gLawipr
    [2011/11/12 23:52:24 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6yku2or3gLawip
    [2011/11/12 23:51:51 | 000,000,456 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6yku2or3gLawip
    [2011/11/12 23:51:45 | 000,339,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6yku2or3gLawip.exe
    [2011/11/12 13:09:11 | 000,000,320 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~uhlBGvazJ5syc1
    [2011/11/12 13:09:11 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~uhlBGvazJ5syc1r
    [2011/11/12 13:08:45 | 000,000,456 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\uhlBGvazJ5syc1
    [2011/11/12 13:08:40 | 000,339,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\uhlBGvazJ5syc1.exe
    [2011/11/12 12:38:28 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~WVYMljTON0PORV
    [2011/11/12 12:38:28 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~WVYMljTON0PORVr
    [2011/11/12 12:37:28 | 000,000,440 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\WVYMljTON0PORV
    [2011/11/12 12:37:16 | 000,339,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\WVYMljTON0PORV.exe
    [2011/11/12 12:03:41 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~gXw4jw65ar9IXr
    [2011/11/12 12:03:41 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~gXw4jw65ar9IXrr
    [2011/11/12 12:03:13 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gXw4jw65ar9IXr
    [2011/11/12 12:03:07 | 000,339,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gXw4jw65ar9IXr.exe
    [2011/11/12 11:50:57 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~tsTMVuEQnFcuX2
    [2011/11/12 11:50:57 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~tsTMVuEQnFcuX2r
    [2011/11/12 11:50:28 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\tsTMVuEQnFcuX2
    [2011/11/12 11:50:21 | 000,339,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\tsTMVuEQnFcuX2.exe
    [2011/11/09 16:22:11 | 000,007,077 | -H-- | C] () -- C:\WINDOWS\System32\0.48849068804336193.exe
    [2011/11/08 23:22:12 | 000,007,077 | -H-- | C] () -- C:\WINDOWS\System32\0.8999829916972143.exe
    [2011/11/08 23:22:06 | 000,006,794 | -H-- | C] () -- C:\WINDOWS\System32\0.24240498245311215.exe
    [2011/11/08 23:22:04 | 000,007,077 | -H-- | C] () -- C:\WINDOWS\System32\0.37253941705508664.exe
    [2011/11/08 23:22:04 | 000,006,793 | -H-- | C] () -- C:\WINDOWS\System32\0.17307882794614238.exe
    [2011/11/08 23:21:48 | 000,007,077 | -H-- | C] () -- C:\WINDOWS\System32\0.25731937764379564.exe
    [2011/11/08 23:21:46 | 000,006,793 | -H-- | C] () -- C:\WINDOWS\System32\0.4123662729943822.exe
    [2011/06/24 11:06:51 | 000,012,920 | -H-- | C] () -- C:\WINDOWS\System32\apl001.sys
    [2011/06/24 11:06:51 | 000,010,872 | -H-- | C] () -- C:\WINDOWS\System32\apf001.sys
    [2011/06/06 05:29:01 | 021,235,680 | -H-- | C] () -- C:\Program Files\pal_install_a729_r1100.exe
    [2011/03/23 15:03:58 | 000,013,926 | -HS- | C] () -- C:\Documents and Settings\Computers for Youth\Local Settings\Application Data\mkr47m65w2qjrle7256w0m1xaj2e3
    [2011/03/23 15:03:58 | 000,013,926 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mkr47m65w2qjrle7256w0m1xaj2e3
    [2011/12/28 16:52:10 | 000,737,055 | ---- | M] () MD5=E9D1F355A561D781831EDC2839F2057B -- C:\Documents and Settings\Computers for Youth\My Documents\Downloads\explorer.exe

    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

AND FINALLY

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply


Did I miss anything?
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope you got the lot :thumbsup: I will need to check out your MBR next to determine which variant you have

Have all your icons/folders returned ?

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0

#9
LillyNoneya

    Member

  • Topic Starter
  • 17 posts
Yes they have, thank you so much. Now let me run this scan then xD
  • 0

#10
LillyNoneya

    Member

  • Topic Starter
  • 17 posts

Nope you got the lot :thumbsup: I will need to check out your MBR next to determine which variant you have

Have all your icons/folders returned ?

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


yeah ... everything was picked to skip and it did not reboot...
but everything seems to be running fine, just can't access my system restore =X and some of my files are missing
  • 0



#11
LillyNoneya

    Member

  • Topic Starter
  • 17 posts
That's what happens in order.

Attached Thumbnails

  • 1.bmp.jpg
  • 2.bmp.jpg
  • 3.bmp.jpg
  • 4.bmp.jpg

  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK re-run TDSSKiller and when it has the two TDSSFile elements flagged, select either restore or delete in the dropdown box - only one of those options will be available.

What files/folders are still missing ?

Re-run RogueKiller again with option 6 selected

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks, also allow the installation of the recovery console
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#13
LillyNoneya

    Member

  • Topic Starter
  • Member
  • 17 posts
I guess I can't really call them files, it's more like my programs are missing. For example Microsoft Word? System tools, stuff like that.

Anyways, TDSS got my computer to reboot but the report didn't come up.

As for RogueKiller

RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Computers for Youth [Admin rights]
Mode: Shortcuts HJfix -- Date : 12/31/2011 01:43:58

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 24 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 45 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#14
LillyNoneya

    Member

  • Topic Starter
  • Member
  • 17 posts


ComboFix 11-12-30.02 - Computers for Youth 12/31/2011 1:54.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.606 [GMT -5:00]
Running from: c:\documents and settings\Computers for Youth\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Attempt\Start Menu\Programs\System Restore
c:\documents and settings\Attempt\Start Menu\Programs\System Restore\System Restore.lnk
c:\documents and settings\Attempt\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\documents and settings\Computers for Youth\Start Menu\Programs\System Restore
c:\program files\Internet Explorer\SET836.tmp
c:\program files\Internet Explorer\SET83B.tmp
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
.
.
2011-12-31 06:34 . 2011-12-31 06:36 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-28 23:51 . 2011-12-28 23:51 -------- d-----w- C:\_OTL
2011-12-28 19:26 . 2011-12-28 19:26 -------- d-----w- c:\documents and settings\Computers for Youth\Application Data\IObit
2011-12-28 17:05 . 2011-12-21 07:24 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-12-28 17:05 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-28 17:05 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-28 17:05 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-28 17:05 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-28 02:54 . 2011-12-28 02:54 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-24 18:58 . 2011-12-24 18:58 -------- d-----w- C:\found.003
2011-12-24 06:09 . 2011-12-24 06:19 -------- d-----w- c:\documents and settings\zzz
2011-12-20 15:35 . 2011-12-20 15:35 -------- d-----w- C:\found.002
2011-12-15 04:38 . 2011-12-15 04:38 -------- d-----w- c:\program files\Application Updater
2011-12-15 04:38 . 2011-12-15 04:38 -------- d-----w- c:\program files\IObit Toolbar
2011-12-15 04:38 . 2011-12-15 04:38 -------- d-----w- c:\program files\Common Files\Spigot
2011-12-15 04:38 . 2011-12-15 23:59 -------- d-----w- c:\windows\SxsCaPendDel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-29 20:52 . 2011-11-29 20:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-09-14 13:39 . 2010-09-14 13:53 728040 ----a-w- c:\program files\k9-webprotection-32.exe
2010-09-09 15:06 . 2010-09-09 15:06 947592 ----a-w- c:\program files\SkypeSetup.exe
2010-08-09 15:22 . 2010-08-20 17:00 114688 ----a-w- c:\program files\DwellClick.exe
2011-12-21 07:24 . 2011-12-28 17:05 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-20 39408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-12-04 3082320]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Attempt\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [N/A]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvF14]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"57917:TCP"= 57917:TCP:Pando Media Booster
"57917:UDP"= 57917:UDP:Pando Media Booster
"1669:TCP"= 1669:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"67:UDP"= 67:UDP:DHCP Server
.
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [12/28/2011 2:26 PM 490840]
S1 MpKsl019213bb;MpKsl019213bb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2BB2C68F-DCDC-4B73-9C92-BD2B391E3E79}\MpKsl019213bb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2BB2C68F-DCDC-4B73-9C92-BD2B391E3E79}\MpKsl019213bb.sys [?]
S1 MpKsl094a6fe4;MpKsl094a6fe4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D816236-B98A-47F5-8754-4171C7145ACF}\MpKsl094a6fe4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D816236-B98A-47F5-8754-4171C7145ACF}\MpKsl094a6fe4.sys [?]
S1 MpKsl0b71300f;MpKsl0b71300f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EF3ED6C-D5C5-4336-BC3C-28FC64C444E1}\MpKsl0b71300f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EF3ED6C-D5C5-4336-BC3C-28FC64C444E1}\MpKsl0b71300f.sys [?]
S1 MpKsl0bdd3f69;MpKsl0bdd3f69;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{702D8D84-5244-436C-AB47-777E96CF53B2}\MpKsl0bdd3f69.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{702D8D84-5244-436C-AB47-777E96CF53B2}\MpKsl0bdd3f69.sys [?]
S1 MpKsl0c92113c;MpKsl0c92113c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF1CB066-2519-4EB0-832B-99917AF5371D}\MpKsl0c92113c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF1CB066-2519-4EB0-832B-99917AF5371D}\MpKsl0c92113c.sys [?]
S1 MpKsl0d0a6e95;MpKsl0d0a6e95;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66A2EDE7-0783-42B1-B164-71C5EDA32A51}\MpKsl0d0a6e95.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66A2EDE7-0783-42B1-B164-71C5EDA32A51}\MpKsl0d0a6e95.sys [?]
S1 MpKsl0e4b5752;MpKsl0e4b5752;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EF3ED6C-D5C5-4336-BC3C-28FC64C444E1}\MpKsl0e4b5752.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EF3ED6C-D5C5-4336-BC3C-28FC64C444E1}\MpKsl0e4b5752.sys [?]
S1 MpKsl110dd682;MpKsl110dd682;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EF3ED6C-D5C5-4336-BC3C-28FC64C444E1}\MpKsl110dd682.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EF3ED6C-D5C5-4336-BC3C-28FC64C444E1}\MpKsl110dd682.sys [?]
S1 MpKsl1325a289;MpKsl1325a289;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EA0E9A55-827F-445C-9772-59A82E25DE75}\MpKsl1325a289.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EA0E9A55-827F-445C-9772-59A82E25DE75}\MpKsl1325a289.sys [?]
S1 MpKsl147becb8;MpKsl147becb8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7F1BD61-C6FF-45F6-9CD4-EE92BD225BD4}\MpKsl147becb8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7F1BD61-C6FF-45F6-9CD4-EE92BD225BD4}\MpKsl147becb8.sys [?]
S1 MpKsl167a49c4;MpKsl167a49c4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{702D8D84-5244-436C-AB47-777E96CF53B2}\MpKsl167a49c4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{702D8D84-5244-436C-AB47-777E96CF53B2}\MpKsl167a49c4.sys [?]
S1 MpKsl18597da4;MpKsl18597da4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8DC6ACA2-7ED7-45D8-9C78-4C52999739C4}\MpKsl18597da4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8DC6ACA2-7ED7-45D8-9C78-4C52999739C4}\MpKsl18597da4.sys [?]
S1 MpKsl1e7c5ef1;MpKsl1e7c5ef1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{143AB476-FDAE-4132-8388-9C82E6C456FA}\MpKsl1e7c5ef1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{143AB476-FDAE-4132-8388-9C82E6C456FA}\MpKsl1e7c5ef1.sys [?]
S1 MpKsl1f2b4e44;MpKsl1f2b4e44;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A606B111-E96A-47BA-B0D9-B2E2C2A2AAD0}\MpKsl1f2b4e44.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A606B111-E96A-47BA-B0D9-B2E2C2A2AAD0}\MpKsl1f2b4e44.sys [?]
S1 MpKsl213a83e4;MpKsl213a83e4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{143AB476-FDAE-4132-8388-9C82E6C456FA}\MpKsl213a83e4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{143AB476-FDAE-4132-8388-9C82E6C456FA}\MpKsl213a83e4.sys [?]
S1 MpKsl23375911;MpKsl23375911;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC1F5F5C-B91D-41DE-BE20-00DA7FF48991}\MpKsl23375911.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC1F5F5C-B91D-41DE-BE20-00DA7FF48991}\MpKsl23375911.sys [?]
S1 MpKsl24b3e70e;MpKsl24b3e70e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21756E69-6B2B-42FD-ACAA-983FA097F5C9}\MpKsl24b3e70e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21756E69-6B2B-42FD-ACAA-983FA097F5C9}\MpKsl24b3e70e.sys [?]
S1 MpKsl2527bed2;MpKsl2527bed2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A606B111-E96A-47BA-B0D9-B2E2C2A2AAD0}\MpKsl2527bed2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A606B111-E96A-47BA-B0D9-B2E2C2A2AAD0}\MpKsl2527bed2.sys [?]
S1 MpKsl2ad75b18;MpKsl2ad75b18;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A606B111-E96A-47BA-B0D9-B2E2C2A2AAD0}\MpKsl2ad75b18.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A606B111-E96A-47BA-B0D9-B2E2C2A2AAD0}\MpKsl2ad75b18.sys [?]
S1 MpKsl349e6996;MpKsl349e6996;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A9BEFDE3-6302-4E61-9D1D-062E1B2B544E}\MpKsl349e6996.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A9BEFDE3-6302-4E61-9D1D-062E1B2B544E}\MpKsl349e6996.sys [?]
S1 MpKsl3e4d4ec4;MpKsl3e4d4ec4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{512E99BD-65C5-453D-A73F-3BF665C25AFC}\MpKsl3e4d4ec4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{512E99BD-65C5-453D-A73F-3BF665C25AFC}\MpKsl3e4d4ec4.sys [?]
S1 MpKsl3f4c7084;MpKsl3f4c7084;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A606B111-E96A-47BA-B0D9-B2E2C2A2AAD0}\MpKsl3f4c7084.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A606B111-E96A-47BA-B0D9-B2E2C2A2AAD0}\MpKsl3f4c7084.sys [?]
S1 MpKsl40f1f9fa;MpKsl40f1f9fa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65BE6BAC-5542-44B0-9A75-004F26376233}\MpKsl40f1f9fa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65BE6BAC-5542-44B0-9A75-004F26376233}\MpKsl40f1f9fa.sys [?]
S1 MpKsl491eae9a;MpKsl491eae9a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B7C0A71-355D-4948-83CB-8F66272CB2CA}\MpKsl491eae9a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B7C0A71-355D-4948-83CB-8F66272CB2CA}\MpKsl491eae9a.sys [?]
S1 MpKsl4a4fe493;MpKsl4a4fe493;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{143AB476-FDAE-4132-8388-9C82E6C456FA}\MpKsl4a4fe493.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{143AB476-FDAE-4132-8388-9C82E6C456FA}\MpKsl4a4fe493.sys [?]
S1 MpKsl4db250bb;MpKsl4db250bb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C678707-399E-4FD1-8784-4E59B3F1DA90}\MpKsl4db250bb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C678707-399E-4FD1-8784-4E59B3F1DA90}\MpKsl4db250bb.sys [?]
S1 MpKsl4e9a91da;MpKsl4e9a91da;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C6CE4DEF-439F-40CF-A126-369836340668}\MpKsl4e9a91da.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C6CE4DEF-439F-40CF-A126-369836340668}\MpKsl4e9a91da.sys [?]
S1 MpKsl5313efb0;MpKsl5313efb0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F436DEE-3C54-4530-9EA2-3EED10105CBF}\MpKsl5313efb0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F436DEE-3C54-4530-9EA2-3EED10105CBF}\MpKsl5313efb0.sys [?]
S1 MpKsl53368cb1;MpKsl53368cb1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EF3ED6C-D5C5-4336-BC3C-28FC64C444E1}\MpKsl53368cb1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EF3ED6C-D5C5-4336-BC3C-28FC64C444E1}\MpKsl53368cb1.sys [?]
S1 MpKsl588a9de2;MpKsl588a9de2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{462543AB-F55B-47AC-9307-C4C8C3AFFC4E}\MpKsl588a9de2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{462543AB-F55B-47AC-9307-C4C8C3AFFC4E}\MpKsl588a9de2.sys [?]
S1 MpKsl5bd85652;MpKsl5bd85652;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2778BDB-5086-425E-8072-183D8A778A50}\MpKsl5bd85652.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2778BDB-5086-425E-8072-183D8A778A50}\MpKsl5bd85652.sys [?]
S1 MpKsl5e06858e;MpKsl5e06858e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4812F3DD-46AF-431E-84A2-68A82A4A836C}\MpKsl5e06858e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4812F3DD-46AF-431E-84A2-68A82A4A836C}\MpKsl5e06858e.sys [?]
S1 MpKsl5e2a547b;MpKsl5e2a547b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EF3ED6C-D5C5-4336-BC3C-28FC64C444E1}\MpKsl5e2a547b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EF3ED6C-D5C5-4336-BC3C-28FC64C444E1}\MpKsl5e2a547b.sys [?]
S1 MpKsl62f98d05;MpKsl62f98d05;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7ED27042-4A6B-4882-9F65-15D2EA417C1F}\MpKsl62f98d05.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7ED27042-4A6B-4882-9F65-15D2EA417C1F}\MpKsl62f98d05.sys [?]
S1 MpKsl63fa7a07;MpKsl63fa7a07;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F33D618F-B3BC-4FEA-B745-DD46A4F58497}\MpKsl63fa7a07.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F33D618F-B3BC-4FEA-B745-DD46A4F58497}\MpKsl63fa7a07.sys [?]
S1 MpKsl6999691c;MpKsl6999691c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{726FAFA4-568C-4391-8DBB-649A8B59B8C9}\MpKsl6999691c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{726FAFA4-568C-4391-8DBB-649A8B59B8C9}\MpKsl6999691c.sys [?]
S1 MpKsl6e257cd6;MpKsl6e257cd6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7ED27042-4A6B-4882-9F65-15D2EA417C1F}\MpKsl6e257cd6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7ED27042-4A6B-4882-9F65-15D2EA417C1F}\MpKsl6e257cd6.sys [?]
S1 MpKsl71752315;MpKsl71752315;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EF3ED6C-D5C5-4336-BC3C-28FC64C444E1}\MpKsl71752315.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EF3ED6C-D5C5-4336-BC3C-28FC64C444E1}\MpKsl71752315.sys [?]
S1 MpKsl73bc19e2;MpKsl73bc19e2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FA7B327-0563-42AE-B813-28441640B328}\MpKsl73bc19e2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8FA7B327-0563-42AE-B813-28441640B328}\MpKsl73bc19e2.sys [?]
S1 MpKsl9d396713;MpKsl9d396713;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BD64A532-EE7A-44DD-A286-417F57C05AB5}\MpKsl9d396713.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BD64A532-EE7A-44DD-A286-417F57C05AB5}\MpKsl9d396713.sys [?]
S1 MpKsl9d6b41ec;MpKsl9d6b41ec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E3B09279-4471-4F02-B478-A13886B178A9}\MpKsl9d6b41ec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E3B09279-4471-4F02-B478-A13886B178A9}\MpKsl9d6b41ec.sys [?]
S1 MpKsl9e64dd03;MpKsl9e64dd03;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BA959B9-2291-47F9-8189-116BAC513DF1}\MpKsl9e64dd03.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BA959B9-2291-47F9-8189-116BAC513DF1}\MpKsl9e64dd03.sys [?]
S1 MpKsl9f75f555;MpKsl9f75f555;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{294CDD91-9880-4E62-9C64-60BFDEC0F3E1}\MpKsl9f75f555.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{294CDD91-9880-4E62-9C64-60BFDEC0F3E1}\MpKsl9f75f555.sys [?]
S1 MpKsla118975c;MpKsla118975c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DEB0703-3020-46DF-BF43-92710491AFCF}\MpKsla118975c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DEB0703-3020-46DF-BF43-92710491AFCF}\MpKsla118975c.sys [?]
S1 MpKsla246cebc;MpKsla246cebc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F075650C-9678-4B6E-86B9-DEA2903001DB}\MpKsla246cebc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F075650C-9678-4B6E-86B9-DEA2903001DB}\MpKsla246cebc.sys [?]
S1 MpKsla67d5a53;MpKsla67d5a53;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBE98D55-0EE1-436B-934D-B4A77C4F935A}\MpKsla67d5a53.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBE98D55-0EE1-436B-934D-B4A77C4F935A}\MpKsla67d5a53.sys [?]
S1 MpKsla97c84be;MpKsla97c84be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7ED27042-4A6B-4882-9F65-15D2EA417C1F}\MpKsla97c84be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7ED27042-4A6B-4882-9F65-15D2EA417C1F}\MpKsla97c84be.sys [?]
S1 MpKslab7ee4a2;MpKslab7ee4a2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E2530B10-8AE1-4685-9777-84F34D6068B8}\MpKslab7ee4a2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E2530B10-8AE1-4685-9777-84F34D6068B8}\MpKslab7ee4a2.sys [?]
S1 MpKslb0bfffcf;MpKslb0bfffcf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F33D618F-B3BC-4FEA-B745-DD46A4F58497}\MpKslb0bfffcf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F33D618F-B3BC-4FEA-B745-DD46A4F58497}\MpKslb0bfffcf.sys [?]
S1 MpKslb3794776;MpKslb3794776;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1A970438-5B1B-46A1-8DA2-3A5CA5A60C60}\MpKslb3794776.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1A970438-5B1B-46A1-8DA2-3A5CA5A60C60}\MpKslb3794776.sys [?]
S1 MpKslb710c0dc;MpKslb710c0dc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D77B8B0A-9809-4D3F-B4C3-6F64C7BC98AF}\MpKslb710c0dc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D77B8B0A-9809-4D3F-B4C3-6F64C7BC98AF}\MpKslb710c0dc.sys [?]
S1 MpKslba6b7938;MpKslba6b7938;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{08AA14B3-3086-4B36-851F-76A8E5D76871}\MpKslba6b7938.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{08AA14B3-3086-4B36-851F-76A8E5D76871}\MpKslba6b7938.sys [?]
S1 MpKslc38098f6;MpKslc38098f6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{143AB476-FDAE-4132-8388-9C82E6C456FA}\MpKslc38098f6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{143AB476-FDAE-4132-8388-9C82E6C456FA}\MpKslc38098f6.sys [?]
S1 MpKsld630d4d3;MpKsld630d4d3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A9BEFDE3-6302-4E61-9D1D-062E1B2B544E}\MpKsld630d4d3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A9BEFDE3-6302-4E61-9D1D-062E1B2B544E}\MpKsld630d4d3.sys [?]
S1 MpKsld6407038;MpKsld6407038;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37236098-7B64-47B1-B1B4-A31BAAB0D71C}\MpKsld6407038.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{37236098-7B64-47B1-B1B4-A31BAAB0D71C}\MpKsld6407038.sys [?]
S1 MpKsld76663b6;MpKsld76663b6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4AE5F53A-8601-476D-9072-6EFA1926CAE6}\MpKsld76663b6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4AE5F53A-8601-476D-9072-6EFA1926CAE6}\MpKsld76663b6.sys [?]
S1 MpKsld7e85ed1;MpKsld7e85ed1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{89A5A1D8-6B19-47B8-B409-A4B558A9D411}\MpKsld7e85ed1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{89A5A1D8-6B19-47B8-B409-A4B558A9D411}\MpKsld7e85ed1.sys [?]
S1 MpKsldb9a82a3;MpKsldb9a82a3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D9363BC-48E8-41F9-BA7D-0E511E65FC68}\MpKsldb9a82a3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D9363BC-48E8-41F9-BA7D-0E511E65FC68}\MpKsldb9a82a3.sys [?]
S1 MpKsle1f6661c;MpKsle1f6661c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F075650C-9678-4B6E-86B9-DEA2903001DB}\MpKsle1f6661c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F075650C-9678-4B6E-86B9-DEA2903001DB}\MpKsle1f6661c.sys [?]
S1 MpKsle563c978;MpKsle563c978;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{202CF2EC-ED58-4537-9341-E98DC7D54B39}\MpKsle563c978.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{202CF2EC-ED58-4537-9341-E98DC7D54B39}\MpKsle563c978.sys [?]
S1 MpKsleafabd4b;MpKsleafabd4b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ADE25629-85A4-4248-ADAA-DD5DEC32C895}\MpKsleafabd4b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ADE25629-85A4-4248-ADAA-DD5DEC32C895}\MpKsleafabd4b.sys [?]
S1 MpKslee4e0981;MpKslee4e0981;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F907174A-02BB-4389-A9A8-4D5D10B84DF3}\MpKslee4e0981.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F907174A-02BB-4389-A9A8-4D5D10B84DF3}\MpKslee4e0981.sys [?]
S1 MpKslf4cc10bb;MpKslf4cc10bb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F080082-F8D7-40C8-86C5-C08BB9305D74}\MpKslf4cc10bb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F080082-F8D7-40C8-86C5-C08BB9305D74}\MpKslf4cc10bb.sys [?]
S1 MpKslf59de8fc;MpKslf59de8fc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC1F5F5C-B91D-41DE-BE20-00DA7FF48991}\MpKslf59de8fc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC1F5F5C-B91D-41DE-BE20-00DA7FF48991}\MpKslf59de8fc.sys [?]
S1 MpKslf6e70f7f;MpKslf6e70f7f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C3F2837-3F85-4AFC-8F84-BE8DA64DF827}\MpKslf6e70f7f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3C3F2837-3F85-4AFC-8F84-BE8DA64DF827}\MpKslf6e70f7f.sys [?]
S1 MpKslf788366d;MpKslf788366d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0167411E-1149-4941-81EB-D925C376864A}\MpKslf788366d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0167411E-1149-4941-81EB-D925C376864A}\MpKslf788366d.sys [?]
S1 MpKslfb5d562c;MpKslfb5d562c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E9C60CF-4AFC-41F2-9CAE-0122058CF2A5}\MpKslfb5d562c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E9C60CF-4AFC-41F2-9CAE-0122058CF2A5}\MpKslfb5d562c.sys [?]
S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys --> c:\windows\system32\drivers\sbaphd.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys --> c:\windows\system32\drivers\sbtis.sys [?]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/21/2008 7:00 AM 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 96652679
*NewlyCreated* - HTTPFILTER
*Deregistered* - 96652679
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srvF14
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-31 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-11-14 21:40]
.
2011-12-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-20 05:59]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-13 04:22]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-13 04:22]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2672271832-2722486909-231842741-1004Core.job
- c:\documents and settings\Computers for Youth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-06 18:48]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2672271832-2722486909-231842741-1004UA.job
- c:\documents and settings\Computers for Youth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-06 18:48]
.
2011-12-31 c:\windows\Tasks\User_Feed_Synchronization-{E7F35ED4-816B-4785-A811-18E380C7863C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 188.229.89.121
TCP: Interfaces\{48CEDB26-B912-45F3-B189-2322C18C6BA5}: NameServer = 8.8.8.8
FF - ProfilePath - c:\documents and settings\Computers for Youth\Application Data\Mozilla\Firefox\Profiles\7v9qyl21.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PLTV52&o=100000018&locale=en_US&apn_uid=748c331e-1747-49e1-86b6-ece25705a0d9&apn_ptnrs=E5&apn_sauid=D3891B15-146A-4157-8A9E-726C5AC5FD57&apn_dtid=YYYYYYYYUS&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
ShellExecuteHooks-{56F9679E-7826-4C84-81F3-532071A8BCC5} - (no file)
SafeBoot-96652679.sys
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-NortonPCCheckup - c:\program files\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.11.20\InstStub.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-31 02:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_2da1ebd.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_2da1ebd.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srvF14]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\WINDOWS\Temp\srvF14.tmp"
.
Completion time: 2011-12-31 02:06:41
ComboFix-quarantined-files.txt 2011-12-31 07:06
.
Pre-Run: 91,565,621,248 bytes free
Post-Run: 92,264,804,352 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 91CB799803F69A1A79F888DF18AB714E

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The following will restore all of the elements that you appear to be missing. Once you have done this, could you let me know what problems remain?

Restore Accessories Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Ensure that the following check boxes are checked (as seen in this image below):

Posted Image


Once they are, click on the Restore button.



Restore Admin Tools Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Click on the Restore Administrative Tools Items button.

As seen in this image below:

Posted Image


This next one will produce the necessary shortcut links, which you can cut and paste into the start menu folder.
Download the repair.vbs file to your desktop.
Run the repair.vbs.
It will ask for a folder name; call it recovery.
The tool will let you know when it is finished.
On the desktop will be a recovery folder.
Open the folder.
Cut and paste the links that you want to C:\documents and settings\your name\start menu
