XP Security 2012 and Open With problem [Solved]



#1
gvnaz

XP Security 2012 started popping up on my friend's computer, so he asked me about it and I recognized the fake security alerts because I've seen them a few times before. Also, anything that I try to open pops up the 'Open With' dialogue. I downloaded OTL to the desktop and double-clicked it and then had to navigate the Open With window to tell it to open with OTL. Very strange behavior that I haven't seen before, but looking at the topics on the first page of this section of the forums, it looks like others have been experiencing the same type of thing.
I can't get MBAM to run a scan even if I point it to itself when the Open With dialogue pops up.
I did run an extra ESET scan with definitions for today and it came up clean.

Thanks for the help!

Here is the OTL.Txt

OTL logfile created on: 2012-01-03 11:03:01 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\John Nolan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 60.77% Memory free
3.85 Gb Paging File | 3.21 Gb Available in Paging File | 83.51% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 46.38 Gb Free Space | 49.79% Space Free | Partition Type: NTFS

Computer Name: LAPPY | User Name: John Nolan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-01-03 11:01:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Nolan\Desktop\OTL.exe
PRC - [2011-11-12 19:18:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-04-13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-03-01 03:54:52 | 001,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2007-12-21 07:21:16 | 000,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2007-10-07 19:39:46 | 000,450,560 | ---- | M] (Duality Software) -- C:\Program Files\DS Clock\dsclock.exe
PRC - [2006-11-03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005-04-20 09:34:12 | 000,487,936 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\system32\wwSecure.exe
PRC - [2005-03-14 11:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004-09-07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004-09-07 16:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004-09-07 16:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe


========== Modules (No Company Name) ==========

MOD - [2011-11-12 19:18:05 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011-11-04 06:54:16 | 000,930,304 | ---- | M] () -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2011-07-09 22:17:03 | 006,271,648 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2005-09-08 16:58:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2005-09-08 16:58:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2004-09-07 16:03:46 | 000,073,728 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL


========== Win32 Services (SafeList) ==========

SRV - [2008-03-01 03:58:08 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2007-12-21 07:21:16 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2006-11-03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005-04-20 09:34:12 | 000,487,936 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\WINDOWS\system32\wwSecure.exe -- (wwSecSvc)
SRV - [2005-03-14 11:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004-09-07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)


========== Driver Services (SafeList) ==========

DRV - [2008-03-01 03:56:36 | 000,054,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2008-03-01 03:56:34 | 000,030,728 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2008-03-01 03:56:30 | 000,071,176 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2008-03-01 03:53:16 | 000,029,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2008-03-01 03:52:30 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2005-05-03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005-05-03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005-05-03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005-03-10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005-01-25 15:55:08 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004-10-21 15:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004-08-31 08:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004-08-12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004-06-17 15:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001-08-22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
FF - prefs.js..extensions.enabledItems: {9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}:0.6.0.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.4
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4.1.3
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.3
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {dc0fa13c-3dae-73eb-e852-912722c852f9}:0.3
FF - prefs.js..extensions.enabledItems: {1ced4832-f06e-413f-aa14-9eb63ad40ace}:1.0.2
FF - prefs.js..extensions.enabledItems: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.10
FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.74.0
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-11-12 19:18:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-10-17 21:07:08 | 000,000,000 | ---D | M]

[2008-08-31 23:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Extensions
[2011-12-29 17:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions
[2011-12-08 19:51:38 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011-04-08 09:35:34 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010-03-14 17:45:30 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2011-07-21 17:47:38 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011-07-09 21:24:09 | 000,000,000 | ---D | M] (QuickNote) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}
[2011-10-18 08:38:51 | 000,000,000 | ---D | M] (Fast Dial Fx6) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\[email protected]
[2011-11-17 20:29:14 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\extensions\[email protected]
[2011-12-29 16:35:17 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\searchplugins\ancestry---surnames.xml
[2011-12-29 16:35:21 | 000,006,240 | ---- | M] () -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\searchplugins\bible-gateway.xml
[2011-12-29 16:35:18 | 000,001,103 | ---- | M] () -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\searchplugins\buycom.xml
[2011-12-29 16:35:20 | 000,002,580 | ---- | M] () -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\searchplugins\imdb.xml
[2011-12-29 16:35:20 | 000,002,728 | ---- | M] () -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\searchplugins\newegg.xml
[2011-12-29 16:35:21 | 000,002,431 | ---- | M] () -- C:\Documents and Settings\John Nolan\Application Data\Mozilla\Firefox\Profiles\7omdhf4a.default\searchplugins\youtube.xml
[2011-11-12 19:18:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOHN NOLAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7OMDHF4A.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOHN NOLAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7OMDHF4A.DEFAULT\EXTENSIONS\{54BB9F3F-07E5-486C-9B39-C7398B99391C}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOHN NOLAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7OMDHF4A.DEFAULT\EXTENSIONS\{582195F5-92E7-40A0-A127-DB71295901D7}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOHN NOLAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7OMDHF4A.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOHN NOLAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7OMDHF4A.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOHN NOLAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7OMDHF4A.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOHN NOLAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7OMDHF4A.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOHN NOLAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7OMDHF4A.DEFAULT\EXTENSIONS\[email protected]
[2011-11-12 19:18:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-05-04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007-05-11 16:41:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\mozilla firefox\plugins\npImgCtl.dll
[2011-04-12 08:55:08 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011-09-28 16:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011-11-12 19:18:07 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011-07-09 17:56:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [DS Clock] C:\Program Files\DS Clock\dsclock.exe (Duality Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1209536045436 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 138.210.82.250 71.2.28.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93E7C5D4-5D61-42DA-B736-22737225A470}: DhcpNameServer = 138.210.82.250 71.2.28.14
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\John Nolan\Application Data\nView_Wallpaper\PerMonitorWallpaper0.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John Nolan\Application Data\nView_Wallpaper\PerMonitorWallpaper0.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-02-23 18:27:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = F2T] -- "C:\DOCUME~1\JOHNNO~1\LOCALS~1\Temp\321.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-01-03 11:01:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Nolan\Desktop\OTL.exe
[2011-12-15 18:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Nolan\Local Settings\Application Data\Nero
[2011-12-15 18:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Nolan\My Documents\Nero

========== Files - Modified Within 30 Days ==========

[2012-01-03 11:01:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Nolan\Desktop\OTL.exe
[2012-01-03 10:25:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-01-03 07:51:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012-01-03 07:30:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-01-03 07:30:09 | 000,140,151 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012-01-03 07:29:49 | 000,013,348 | -HS- | M] () -- C:\Documents and Settings\John Nolan\Local Settings\Application Data\7lad6plo25p28rt7b2clsb
[2012-01-03 07:29:49 | 000,013,348 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7lad6plo25p28rt7b2clsb
[2012-01-03 07:29:46 | 000,029,940 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012-01-03 07:29:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-01-03 07:29:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-01-03 07:29:36 | 2146,922,496 | -HS- | M] () -- C:\hiberfil.sys
[2012-01-02 15:00:38 | 140,144,640 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\VERTZ5~4.FBK
[2012-01-02 14:58:03 | 332,923,392 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\VERTZ5~2_exported errors fixed2.FTW
[2012-01-02 07:49:08 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2011-12-31 07:18:29 | 000,503,348 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-12-31 07:18:29 | 000,087,266 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-12-15 21:35:53 | 000,142,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-12-15 19:05:12 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-12-15 18:51:57 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\John Nolan\.rnd
[2011-12-13 19:09:01 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Disk Defrag Sheduled Defragmentation.job
[2011-12-05 13:35:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2012-01-02 14:56:02 | 000,013,348 | -HS- | C] () -- C:\Documents and Settings\John Nolan\Local Settings\Application Data\7lad6plo25p28rt7b2clsb
[2012-01-02 14:56:02 | 000,013,348 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7lad6plo25p28rt7b2clsb
[2010-01-30 20:35:08 | 000,025,596 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009-09-25 11:05:28 | 000,105,166 | ---- | C] () -- C:\WINDOWS\HPFins09.dat.temp
[2009-09-25 11:05:28 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat.temp
[2009-01-18 23:30:09 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\John Nolan\Application Data\PnkBstrK.sys
[2008-05-26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008-05-26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008-05-05 19:30:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-03-21 17:57:15 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008-03-21 17:57:06 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008-03-21 17:56:20 | 000,000,732 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008-03-21 16:07:31 | 000,102,833 | ---- | C] () -- C:\WINDOWS\HPFins09.dat
[2008-03-21 16:07:31 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat
[2008-03-13 06:34:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008-02-28 09:01:50 | 000,001,808 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008-02-25 21:42:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008-02-23 21:35:52 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008-02-23 21:32:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-02-23 21:20:27 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008-02-23 21:00:34 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\John Nolan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-02-23 18:53:45 | 000,140,151 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008-02-23 18:51:25 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008-02-23 18:51:25 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-02-23 18:51:24 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-02-23 18:51:24 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-02-23 18:51:22 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-02-23 18:51:22 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008-02-23 18:51:19 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008-02-23 18:51:17 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008-02-23 18:42:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2008-02-23 18:29:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008-02-23 18:23:49 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008-02-23 10:17:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-02-23 10:16:35 | 000,142,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-02-11 08:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008-02-11 08:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008-02-08 12:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008-02-05 07:48:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerUninstaller.exe
[2007-12-14 11:32:52 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2007-09-27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007-09-27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007-09-27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007-07-27 13:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007-07-27 13:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2005-12-05 18:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005-12-05 11:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005-03-21 17:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005-03-21 17:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004-08-12 08:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004-08-04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-04 04:00:00 | 000,503,348 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004-08-04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-04 04:00:00 | 000,087,266 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004-08-04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-08-04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001-07-06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2008-08-14 11:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008-02-23 20:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008-04-22 18:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ktetifmn
[2009-09-03 15:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-03-25 17:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011-05-28 06:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010-01-29 17:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009-05-07 11:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008-04-12 21:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\Amazon
[2011-04-21 23:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\Auslogics
[2008-03-23 19:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\drms
[2008-02-23 22:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\Duality Software
[2008-08-14 11:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\ESET
[2010-07-24 14:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\id Software
[2009-09-24 16:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\Image Zone Express
[2011-07-09 22:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\IrfanView
[2008-02-23 21:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\MyFamily.com
[2012-01-03 07:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\nView_Wallpaper
[2009-07-04 14:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\SystemRequirementsLab
[2009-03-22 23:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\Windows Desktop Search
[2009-03-27 09:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\Windows Search
[2008-04-28 17:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Nolan\Application Data\WinPatrol
[2011-12-13 19:09:01 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics Disk Defrag Sheduled Defragmentation.job
[2012-01-03 07:51:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello gvnaz and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

We need to disable malware processes on your system first
  • Download TheKiller.scr to your Desktop
  • Run it by double-clicking (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Press the OK button after the program finishes
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running please try to run it several more times

Step 2

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O37 - HKCU\...exe [@ = F2T] -- "C:\DOCUME~1\JOHNNO~1\LOCALS~1\Temp\321.exe" -a "%1" %*
    [2012-01-03 07:29:49 | 000,013,348 | -HS- | M] () -- C:\Documents and Settings\John Nolan\Local Settings\Application Data\7lad6plo25p28rt7b2clsb
    [2012-01-03 07:29:49 | 000,013,348 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7lad6plo25p28rt7b2clsb

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Update Malwarebytes and run Quick Scan. Post log after the scan.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post.

#3
gvnaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
everything seems to be working better. File associations are working again and MBAM updated and is scanning now. Will post that log when done.

TheKiller
TheKiller v0.2 by maliprog
Log file created on 01/04/2012
Operating system: Windows 2000/XP Service Pack 3
-------------------------------

File associations resetted

-------------------------------
All Done!


OTL log
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\F2T\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
File C:\Documents and Settings\John Nolan\Local Settings\Application Data\7lad6plo25p28rt7b2clsb not found.
C:\Documents and Settings\All Users\Application Data\7lad6plo25p28rt7b2clsb moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\John Nolan\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\John Nolan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: John Nolan
->Temp folder emptied: 376832 bytes
->Temporary Internet Files folder emptied: 5350867 bytes
->Java cache emptied: 12218 bytes
->FireFox cache emptied: 41135656 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 18700 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 240954 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: user

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 165318197 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 585042858 bytes

Total Files Cleaned = 761.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01042012_072306

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#4
gvnaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.04.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
John Nolan :: LAPPY [administrator]

2012-01-04 7:33:26 AM
mbam-log-2012-01-04 (07-33-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187089
Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#5
gvnaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
I didn't realize there was an OTL extras.txt, so here it is.


OTL Extras logfile created on: 2012-01-03 11:03:01 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\John Nolan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 60.77% Memory free
3.85 Gb Paging File | 3.21 Gb Available in Paging File | 83.51% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 46.38 Gb Free Space | 49.79% Space Free | Partition Type: NTFS

Computer Name: LAPPY | User Name: John Nolan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = F2T] -- "C:\DOCUME~1\JOHNNO~1\LOCALS~1\Temp\321.exe" -a "%1" %*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Disabled:Nero ControlCenter -- (Nero AG)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext
"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 26
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6ECB944F-D027-4E8A-9906-70E77C005AD5}" = ESET Smart Security
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{87F59A07-55EE-415E-A966-31F3D8B6B7AD}" = LP6940_Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8DC6CA16-9B4E-4C10-95EE-2BD91EB0290C}" = LP6940Trb
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_POWERPOINT_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_POWERPOINT_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C209B30-F71F-4c53-8D26-453208EC8E91}" = dj6940
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}" = Family Tree Maker 2006
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"7-Zip" = 7-Zip 9.20
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"DS Clock_is1" = DS Clock
"EsetOnlineScanner" = ESET Online Scanner
"FileHippo.com" = FileHippo.com Update Checker
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"IrfanView" = IrfanView (remove only)
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"POWERPOINT" = Microsoft Office PowerPoint 2007
"ProInst" = Intel® PROSet/Wireless Software
"RegSupreme Pro_is1" = RegSupreme Pro 1.0
"Revo Uninstaller" = Revo Uninstaller 1.92
"SpywareBlaster_is1" = SpywareBlaster 4.1
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"VLC media player" = VLC media player 1.0.3
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-10-28 2:08:47 PM | Computer Name = LAPPY | Source = nview_info | ID = 11141121
Description =

Error - 2011-11-17 11:13:17 AM | Computer Name = LAPPY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 8.0.0.4325, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2011-11-17 11:33:15 AM | Computer Name = LAPPY | Source = nview_info | ID = 11141121
Description =

Error - 2011-11-18 8:04:27 PM | Computer Name = LAPPY | Source = nview_info | ID = 11141121
Description =

Error - 2011-11-18 8:04:53 PM | Computer Name = LAPPY | Source = nview_info | ID = 11141121
Description =

Error - 2011-11-18 8:05:24 PM | Computer Name = LAPPY | Source = nview_info | ID = 11141121
Description =

Error - 2011-12-01 1:23:07 AM | Computer Name = LAPPY | Source = Application Hang | ID = 1002
Description = Hanging application Ftw.exe, version 16.0.350.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2012-01-01 11:03:09 AM | Computer Name = LAPPY | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 2012-01-02 7:00:38 PM | Computer Name = LAPPY | Source = Application Hang | ID = 1002
Description = Hanging application Ftw.exe, version 16.0.350.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2012-01-02 7:00:38 PM | Computer Name = LAPPY | Source = Application Hang | ID = 1002
Description = Hanging application Ftw.exe, version 16.0.350.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2011-10-25 1:18:57 PM | Computer Name = LAPPY | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 2011-11-07 6:18:02 PM | Computer Name = LAPPY | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 2011-11-14 6:12:21 PM | Computer Name = LAPPY | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 2011-11-17 12:45:41 PM | Computer Name = LAPPY | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0013CE307F64. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 2011-12-01 5:52:28 PM | Computer Name = LAPPY | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 2011-12-08 1:06:59 PM | Computer Name = LAPPY | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 2011-12-09 9:25:23 PM | Computer Name = LAPPY | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 2011-12-16 12:16:45 PM | Computer Name = LAPPY | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.

Error - 2012-01-02 3:02:30 PM | Computer Name = LAPPY | Source = DCOM | ID = 10010
Description = The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register
with DCOM within the required timeout.


< End of report >
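The per-user `.exe` association in the Extras log above is the entry the OTL fix in this thread targets. As an added example (not part of the thread and not OTL's own code), this Python parser reads the File Associations and Shell Spawning sections of an OTL Extras log and flags executable-type associations that are overridden under HKEY_CURRENT_USER or whose `open` command differs from the defaults visible in the log's HKLM entries. The function name, baseline tables and finding format are assumptions made for the illustration; the sample lines are copied from the log in this thread.

```python
import re

# Baseline assumed for this example: default ProgIDs for executable-type
# extensions, and the "open" commands shown for them in the HKLM
# "Shell Spawning" section of the log posted in this thread.
EXPECTED_PROGID = {".exe": "exefile", ".com": "comfile", ".bat": "batfile",
                   ".cmd": "cmdfile", ".pif": "piffile", ".scr": "scrfile"}
EXPECTED_OPEN = {"exefile": '"%1" %*', "comfile": '"%1" %*',
                 "batfile": '"%1" %*', "cmdfile": '"%1" %*',
                 "piffile": '"%1" %*', "scrfile": '"%1" /S'}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")                # ===== Name =====
ASSOC_RE = re.compile(r"^(\.\w+) \[@ = ([^\]]*)\] -- (.*)$")  # .ext [@ = ProgID] -- cmd
SPAWN_RE = re.compile(r"^(\S+) \[(\w+)\] -- (.*)$")           # progid [verb] -- cmd

# Excerpt copied from the OTL Extras log in this thread.
SAMPLE = r'''
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = F2T] -- "C:\DOCUME~1\JOHNNO~1\LOCALS~1\Temp\321.exe" -a "%1" %*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S
regfile [merge] -- Reg Error: Key error.
'''


def audit_otl_extras(text):
    """Return a list of findings for executable-type associations."""
    findings = []
    section = hive = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            # A new report section resets the registry hive context.
            section, hive = m.group(1), None
            continue
        if line.startswith("[HKEY_"):
            hive = line[1:].split("\\", 1)[0]
            continue

        if section == "File Associations":
            m = ASSOC_RE.match(line)
            if not m:
                continue
            ext, progid, command = m.groups()
            ext = ext.lower()
            if ext not in EXPECTED_PROGID:
                continue
            if hive == "HKEY_CURRENT_USER":
                # HKCU\Software\Classes takes precedence over HKLM in the
                # merged HKEY_CLASSES_ROOT view, so a per-user entry for an
                # executable extension redirects every launch of that type.
                reason = "per-user override of executable extension"
            elif progid != EXPECTED_PROGID[ext]:
                reason = "unexpected ProgID for executable extension"
            else:
                continue
            findings.append({"item": ext, "hive": hive, "value": progid,
                             "command": command, "reason": reason})

        elif section == "Shell Spawning":
            m = SPAWN_RE.match(line)
            if not m:
                continue
            key, verb, command = m.groups()
            if (verb == "open" and key in EXPECTED_OPEN
                    and command.strip() != EXPECTED_OPEN[key]):
                findings.append({"item": key, "hive": hive, "value": verb,
                                 "command": command,
                                 "reason": "open command differs from default"})
    return findings


if __name__ == "__main__":
    for f in audit_otl_extras(SAMPLE):
        print(f'{f["hive"]} {f["item"]} -> {f["value"]}: {f["reason"]}')
        print(f'    {f["command"]}')
```
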

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Glad to hear that. Let's do two more scans.

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post.

#7
gvnaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
11:44:16.0484 3284 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
11:44:17.0312 3284 ============================================================
11:44:17.0312 3284 Current date / time: 2012/01/04 11:44:17.0312
11:44:17.0312 3284 SystemInfo:
11:44:17.0312 3284
11:44:17.0312 3284 OS Version: 5.1.2600 ServicePack: 3.0
11:44:17.0312 3284 Product type: Workstation
11:44:17.0312 3284 ComputerName: LAPPY
11:44:17.0312 3284 UserName: John Nolan
11:44:17.0312 3284 Windows directory: C:\WINDOWS
11:44:17.0312 3284 System windows directory: C:\WINDOWS
11:44:17.0312 3284 Processor architecture: Intel x86
11:44:17.0312 3284 Number of processors: 1
11:44:17.0312 3284 Page size: 0x1000
11:44:17.0312 3284 Boot type: Normal boot
11:44:17.0312 3284 ============================================================
11:44:18.0937 3284 Initialize success
11:44:22.0999 2508 ============================================================
11:44:22.0999 2508 Scan started
11:44:22.0999 2508 Mode: Manual;
11:44:22.0999 2508 ============================================================
11:44:24.0202 2508 Abiosdsk - ok
11:44:24.0234 2508 abp480n5 - ok
11:44:24.0312 2508 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:44:24.0312 2508 ACPI - ok
11:44:24.0390 2508 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:44:24.0406 2508 ACPIEC - ok
11:44:24.0468 2508 adpu160m - ok
11:44:24.0515 2508 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:44:24.0515 2508 aec - ok
11:44:24.0609 2508 AegisP (076394a345ee5e9e3911fc0f058f4f38) C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:44:24.0609 2508 AegisP - ok
11:44:24.0702 2508 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:44:24.0702 2508 AFD - ok
11:44:24.0859 2508 Aha154x - ok
11:44:24.0890 2508 aic78u2 - ok
11:44:24.0921 2508 aic78xx - ok
11:44:25.0062 2508 AliIde - ok
11:44:25.0234 2508 amsint - ok
11:44:25.0468 2508 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:44:25.0484 2508 Arp1394 - ok
11:44:25.0499 2508 asc - ok
11:44:25.0515 2508 asc3350p - ok
11:44:25.0546 2508 asc3550 - ok
11:44:39.0140 2508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:44:39.0327 2508 \Device\Harddisk0\DR0 - ok
11:44:39.0343 2508 Boot (0x1200) (7b758c50cdf442ad75ced168b6a2ee61) \Device\Harddisk0\DR0\Partition0
11:44:39.0343 2508 \Device\Harddisk0\DR0\Partition0 - ok
11:44:39.0343 2508 ============================================================
11:44:39.0343 2508 Scan finished
11:44:39.0343 2508 ============================================================
11:44:39.0359 1764 Detected object count: 0
11:44:39.0359 1764 Actual detected object count: 0

#8
gvnaz

    Member

  • Topic Starter
  • 66 posts
aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-04 13:21:45
-----------------------------
13:21:45.640 OS Version: Windows 5.1.2600 Service Pack 3
13:21:45.640 Number of processors: 1 586 0xD08
13:21:45.640 ComputerName: LAPPY UserName:
13:21:46.265 Initialize success
13:32:28.593 AVAST engine defs: 12010401
13:32:49.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:32:49.937 Disk 0 Vendor: FUJITSU_MHV2100AH 00000096 Size: 95396MB BusType: 3
13:32:49.984 Disk 0 MBR read successfully
13:32:49.984 Disk 0 MBR scan
13:32:50.031 Disk 0 Windows XP default MBR code
13:32:50.031 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95385 MB offset 63
13:32:50.031 Disk 0 scanning sectors +195350400
13:32:50.109 Disk 0 scanning C:\WINDOWS\system32\drivers
13:33:08.827 Service scanning
13:33:09.859 Modules scanning
13:33:17.687 Disk 0 trace - called modules:
13:33:17.702 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
13:33:17.702 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a58bab8]
13:33:17.718 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a644d98]
13:33:18.781 AVAST engine scan C:\WINDOWS
13:33:27.984 AVAST engine scan C:\WINDOWS\system32
13:36:51.827 AVAST engine scan C:\WINDOWS\system32\drivers
13:37:16.312 AVAST engine scan C:\Documents and Settings\John Nolan
13:46:07.124 AVAST engine scan C:\Documents and Settings\All Users
13:48:23.796 Scan finished successfully
13:49:02.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\John Nolan\Desktop\MBR.dat"
13:49:02.156 The log file has been saved successfully to "C:\Documents and Settings\John Nolan\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   546bytes   19 downloads


#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi gvnaz,

How is your system now? Any problems?

#10
gvnaz

    Member

  • Topic Starter
  • 66 posts
Everything seems to be back to normal.

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the "Automatic (recommended) Automatically download recommended updates for my computer and install them" option.
  • Click the OK button.

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.

#12
gvnaz

    Member

  • Topic Starter
  • 66 posts
all done, thanks a lot maliprog!

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.