Security Protection Warning virus [Solved]

#16 Ben T (Topic Starter)
Notepad won't open so I will try the other method as soon as I can.

#17 Ben T (Topic Starter)
I am running Malwarebytes right now. Do you want me to remove what it finds?

Do you also want the copy of the printout that it gives as well as the OTL findings?

#18 Essexboy (GeekU Moderator, Retired Staff)
Yep, give me everything that you get please. How did you get MBAM to run?

#19 Ben T (Topic Starter)
I am using a USB to SATA/IDE adapter to run the infected drive as a slave drive on my computer.

#20 Essexboy (GeekU Moderator, Retired Staff)
Ah, good move - yes, allow MBAM to kill all it finds.

You should then be able to restore the drive to the other system and do a full OTL scan.

#21 Ben T (Topic Starter)
Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.16.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Ben :: DESKTOP-BEN [administrator]

Protection: Enabled

1/16/2012 11:59:32 am
mbam-log-2012-01-16 (12-51-28).txt

Scan type: Custom scan
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 78295
Time elapsed: 50 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 55
I:\Documents and Settings\Embrey Family\Local Settings\Temp\0.249176633455356.exe (Backdoor.Agent) -> No action taken.
I:\Documents and Settings\Guest\Application Data\defender.exe (Spyware.Passwords.XGen) -> No action taken.
I:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\54\35838736-3bdf4220 (Spyware.Passwords.XGen) -> No action taken.
I:\Documents and Settings\Guest\Local Settings\Temp\9.tmp (Spyware.Passwords.XGen) -> No action taken.
I:\Documents and Settings\Guest\Local Settings\Temp\9480.exe (Trojan.FakeAlert) -> No action taken.
I:\Documents and Settings\Guest\Local Settings\Temp\A.tmp (Spyware.Passwords.XGen) -> No action taken.
I:\Program Files\Internet Explorer\msimg32.dll (PUP.FunWebProducts) -> No action taken.
I:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.vir (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.vir (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\F3CJPEG.DLL (PUP.FunWebProducts) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\F3DTACTL.DLL (PUP.FunWebProducts) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\F3HISTSW.DLL (PUP.FunWebProducts) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL (PUP.FunWebProducts) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\F3HTTPCT.DLL (PUP.FunWebProducts) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL (PUP.FunWebProducts) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR (PUP.FunWebProducts) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\F3REGHK.DLL (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL (PUP.FunWebProducts) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\F3RESTUB.DLL (PUP.FunWebProducts) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\F3SCHMON.EXE (PUP.FunWebProducts) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL (PUP.FunWebProducts) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
I:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
I:\Program Files\RelevantKnowledge\rlls.dll (Adware.RelevantKnowledge) -> No action taken.
I:\Program Files\RelevantKnowledge\rlls.dll.vir (Adware.RelevantKnowledge) -> No action taken.
I:\Program Files\RelevantKnowledge\rlph.dll (Adware.RelevantKnowledge) -> No action taken.
I:\Program Files\RelevantKnowledge\rlservice.exe (Adware.RelevantKnowledge) -> No action taken.
I:\Program Files\RelevantKnowledge\rlvknlg.exe (Adware.RelevantKnowledge) -> No action taken.
I:\Program Files\RelevantKnowledge\rlxf.dll (Adware.RelevantKnowledge) -> No action taken.
I:\Program Files\RelevantKnowledge\components\rlxg.dll (Adware.RelevantKnowledge) -> No action taken.
I:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> No action taken.
I:\WINDOWS\system32\smsc.exe (Malware.Packer.Gen) -> No action taken.
I:\WINDOWS\Temp\regincd2.exe (Spyware.OnLineGames) -> No action taken.

(end)

OTL logfile created on: 1/16/2012 1:34:15 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Guest\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.48 Mb Total Physical Memory | 59.49 Mb Available Physical Memory | 23.28% Memory free
618.96 Mb Paging File | 303.93 Mb Available in Paging File | 49.10% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 16.43 Gb Free Space | 33.64% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 7.84 Gb Free Space | 92.95% Space Free | Partition Type: NTFS

Computer Name: BOYS | User Name: Guest | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 13:30:32 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\Desktop\OTH.scr
PRC - [2012/01/16 13:26:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\Desktop\OTL.scr
PRC - [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/05/07 17:24:32 | 000,086,016 | ---- | M] () -- C:\Program Files\Common\Bin\WinCinemaMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/15 15:06:34 | 000,022,168 | ---- | M] () -- C:\Documents and Settings\Guest\Local Settings\Temp\msfat32
MOD - [2011/01/19 16:21:08 | 000,323,597 | ---- | M] () -- c:\Program Files\Shared\shared.dll
MOD - [2004/09/30 04:21:56 | 000,039,488 | ---- | M] () -- C:\Program Files\ewido anti-malware\shellhook.dll
MOD - [2002/05/07 17:24:32 | 000,086,016 | ---- | M] () -- C:\Program Files\Common\Bin\WinCinemaMgr.exe
MOD - [2002/03/12 12:51:46 | 000,036,864 | ---- | M] () -- C:\Program Files\ID3man\ID3manExt.dll


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 8C F1 C3 93 D4 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\3.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2012/01/16 12:52:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\3.bin [2012/01/16 12:52:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.0.7\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2009/05/26 14:31:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.0.7\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2010/03/07 13:56:52 | 000,000,000 | ---D | M]

[2008/11/30 18:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qde1htcb.default\extensions
[2008/11/30 18:56:30 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qde1htcb.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/07 11:30:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2005/11/05 11:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions
[2005/11/05 11:09:00 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/09/15 18:26:00 | 000,041,573 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2005/09/15 18:26:00 | 000,048,223 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2005/09/15 18:26:00 | 000,160,871 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2008/10/04 20:24:00 | 003,695,008 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2005/09/15 18:26:00 | 000,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png
[2005/09/15 18:26:00 | 000,000,735 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src
[2005/09/15 18:26:00 | 000,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2005/09/15 18:26:00 | 000,000,976 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2005/09/15 18:26:00 | 000,000,557 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dictionary.png
[2005/09/15 18:26:00 | 000,000,692 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dictionary.src
[2005/09/15 18:26:00 | 000,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif
[2005/09/15 18:26:00 | 000,001,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src
[2005/09/15 18:26:00 | 000,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2009/10/14 21:01:16 | 000,000,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2005/09/15 18:26:00 | 000,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2005/09/15 18:26:00 | 000,001,098 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src

O1 HOSTS File: ([2005/08/28 12:07:48 | 000,000,813 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL File not found
O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Shared Library) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - c:\Program Files\Shared\shared.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL File not found
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h File not found
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [Security Protection] C:\Documents and Settings\Guest\Application Data\defender.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\Common\Bin\WinCinemaMgr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1125255182738 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1125264885620 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7867.9384837963 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....l/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} http://www.candystan...acheManager.CAB (CacheManager.CacheManagerCtrl)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C787C01-2787-48CC-B33A-16236AA3378A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96DDB679-F541-42C2-8A46-6211AABD6E01}: DhcpNameServer = 172.27.35.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - C:\Program Files\ewido anti-malware\shellhook.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/09/03 21:20:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\system32\bss.dll ()
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 13:30:31 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guest\Desktop\OTH.scr
[2012/01/16 13:26:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guest\Desktop\OTL.scr
[2012/01/14 11:14:27 | 000,000,000 | ---D | C] -- C:\dc139df1eef5b817154b0c407b
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/16 13:30:32 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\Desktop\OTH.scr
[2012/01/16 13:26:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\Desktop\OTL.scr
[2012/01/16 13:11:46 | 003,837,952 | ---- | M] () -- C:\Documents and Settings\Guest\Desktop\Belkin USB Wireless Adaptor.msi
[2012/01/16 13:11:45 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Guest\Desktop\1033.MST
[2012/01/16 13:11:44 | 000,021,494 | ---- | M] () -- C:\Documents and Settings\Guest\Desktop\0x0409.ini
[2012/01/16 13:05:54 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/16 13:05:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/16 13:05:41 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/13 12:29:06 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\Guest\Desktop\Internet Explorer.lnk
[2012/01/13 10:31:05 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/13 10:31:05 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/16 13:11:09 | 003,837,952 | ---- | C] () -- C:\Documents and Settings\Guest\Desktop\Belkin USB Wireless Adaptor.msi
[2012/01/16 13:11:09 | 000,021,494 | ---- | C] () -- C:\Documents and Settings\Guest\Desktop\0x0409.ini
[2012/01/16 13:11:09 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Guest\Desktop\1033.MST
[2012/01/13 12:29:06 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\Guest\Desktop\Internet Explorer.lnk
[2011/08/02 18:00:05 | 000,113,664 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\On54RHoX.exe
[2010/03/07 13:19:29 | 000,011,486 | -HS- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\omn2MB67
[2008/06/03 12:09:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2006/09/10 16:44:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2006/06/05 18:29:05 | 000,299,923 | ---- | C] () -- C:\WINDOWS\System32\drivers\sonyhcs.sys
[2006/06/05 18:29:05 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SONYHCY.DLL
[2006/06/05 18:29:05 | 000,038,739 | ---- | C] () -- C:\WINDOWS\System32\drivers\sonyhcc.sys
[2006/06/05 18:29:05 | 000,006,097 | ---- | C] () -- C:\WINDOWS\System32\drivers\sonyhcb.sys
[2006/06/05 18:29:05 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/04/14 08:01:15 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Embrey Family.ini
[2006/03/09 14:29:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/09 14:29:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/03/09 14:29:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/09 14:29:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/03/09 14:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/09 14:29:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/09 14:29:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/09 14:29:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/03/09 14:29:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/03/09 14:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/09 14:29:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/11/05 11:09:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/05 11:09:05 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/11/05 11:08:55 | 000,003,308 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/11/05 11:05:44 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2005/09/15 20:15:31 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/08/28 12:07:49 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/08/28 10:35:02 | 000,142,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2005/08/28 10:35:02 | 000,142,768 | ---- | C] () -- C:\WINDOWS\System32\ar5523.bin
[2005/08/28 10:34:59 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2005/08/28 10:34:57 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2005/08/14 16:18:19 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\msxml3a.dll
[2005/07/24 18:16:38 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EJFFGGKN.ini
[2005/05/30 13:37:24 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\msfoig.dll
[2005/05/30 13:37:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\bs.dll
[2005/05/30 13:37:24 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\bss.dll
[2005/05/30 13:37:23 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\mshhif.dll
[2005/05/30 13:37:23 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\msodae.dll
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/05/19 12:33:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2003/11/26 18:23:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2003/11/10 17:11:35 | 000,000,046 | ---- | C] () -- C:\WINDOWS\smsafari.ini
[2003/11/10 09:07:04 | 000,000,290 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2003/10/24 15:55:37 | 000,001,121 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2003/10/11 17:26:16 | 000,000,494 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2003/09/26 17:28:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2003/09/26 17:26:22 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4w.DLL
[2003/09/17 14:36:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2003/09/08 17:16:34 | 000,002,404 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2003/09/05 14:38:05 | 000,001,182 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2003/09/05 14:34:44 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2003/09/05 14:22:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/09/03 22:54:18 | 000,000,113 | ---- | C] () -- C:\WINDOWS\Inetreg.ini
[2003/09/03 22:39:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/09/03 21:55:07 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/09/03 21:47:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/09/03 21:22:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/09/03 21:18:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/09/03 14:11:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/09/03 14:10:16 | 000,140,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/02/07 18:11:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ftpupd.exe
[2001/08/23 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 04:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 04:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 04:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1996/04/03 11:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/03/21 11:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\18338
[2010/03/21 12:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2C9D
[2010/04/13 13:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2005/08/25 16:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2009/05/12 17:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2008/12/21 19:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/12/19 17:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/21 11:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2009/03/29 13:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2009/04/07 11:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wyyo
[2009/05/26 14:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/25 20:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Atari
[2008/05/19 17:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\AVG7
[2011/03/15 14:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\imeshmediabartb
[2009/07/03 19:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Smart-Shopper

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 07:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2002/08/29 02:41:24 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7a57263d52ef89a3cee46b33df8a0a10\backup\explorer.exe

< MD5 for: SVCHOST.EXE >
[2001/08/23 04:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7a57263d52ef89a3cee46b33df8a0a10\backup\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[2004/08/03 23:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004/08/03 23:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
[2002/08/29 02:41:28 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7a57263d52ef89a3cee46b33df8a0a10\backup\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2002/08/29 02:41:28 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7a57263d52ef89a3cee46b33df8a0a10\backup\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 6
"ImagePath" = System32\DRIVERS\netbt.sys -- [2004/08/03 22:14:38 | 000,162,816 | ---- | M] (Microsoft Corporation)
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
"DisplayName" = NetBT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{0C787C01-2787-48CC-B33A-16236AA3378A}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3D88075A-1FE0-44E7-A0F2-4201BAAF5926}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{96DDB679-F541-42C2-8A46-6211AABD6E01}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{9D047351-8983-4E11-AC59-7882D9432459}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{C82DCBF9-375A-4956-BC35-D2B228F5B9E1}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{E0DE85BD-A100-47C7-B2F9-91F809DF43BD}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{F98EDA09-AFFE-48C1-B21D-B1A98E5395DF}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = System32\DRIVERS\netbios.sys -- [2004/08/03 22:03:22 | 000,034,560 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 06 01 05 01 00 00 01 00 02 00 03 00 04 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 6
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2001/08/23 04:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\UninstallFirefox.exe" /ua "1.0.7 (en-US)" /hs browser [2005/11/05 11:09:05 | 000,099,965 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\firefox.exe" -silent -nosplash -setDefaultBrowser [2005/09/15 18:26:00 | 006,637,156 | ---- | M] (Mozilla)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\UninstallFirefox.exe" /ua "1.0.7 (en-US)" /ss browser [2005/11/05 11:09:05 | 000,099,965 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: "C:\Documents and Settings\Embrey Family\Local Settings\Application Data\av.exe" /START "C:\PROGRA~1\MOZILL~1\FIREFOX.EXE"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -chrome "chrome://browser/content/pref/pref.xul" [2005/09/15 18:26:00 | 006,637,156 | ---- | M] (Mozilla)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Embrey Family\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/06/27 15:38:40 | 000,094,208 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\UninstallFirefox.exe" /ua "1.0.7 (en-US)" /hs browser [2005/11/05 11:09:05 | 000,099,965 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\firefox.exe" -silent -nosplash -setDefaultBrowser [2005/09/15 18:26:00 | 006,637,156 | ---- | M] (Mozilla)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\UninstallFirefox.exe" /ua "1.0.7 (en-US)" /ss browser [2005/11/05 11:09:05 | 000,099,965 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: "C:\Documents and Settings\Embrey Family\Local Settings\Application Data\av.exe" /START "C:\PROGRA~1\MOZILL~1\FIREFOX.EXE"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -chrome "chrome://browser/content/pref/pref.xul" [2005/09/15 18:26:00 | 006,637,156 | ---- | M] (Mozilla)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/05 05:30:57 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\Embrey Family\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/06/27 15:38:40 | 000,094,208 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BB26BE9

< End of report >

OTL Extras logfile created on: 1/16/2012 1:34:15 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Guest\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.48 Mb Total Physical Memory | 59.49 Mb Available Physical Memory | 23.28% Memory free
618.96 Mb Paging File | 303.93 Mb Available in Paging File | 49.10% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 16.43 Gb Free Space | 33.64% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 7.84 Gb Free Space | 92.95% Space Free | Partition Type: NTFS

Computer Name: BOYS | User Name: Guest | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 -- ()
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\EA SPORTS\MVP Baseball 2004\mvp2004.exe" = C:\Program Files\EA SPORTS\MVP Baseball 2004\mvp2004.exe:*:Disabled:mvp2004
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\Temp\~osD.tmp\ossproxy.exe" = C:\WINDOWS\Temp\~osD.tmp\ossproxy.exe:*:Enabled:ossproxy.exe
"C:\WINDOWS\Temp\~os10.tmp\ossproxy.exe" = C:\WINDOWS\Temp\~os10.tmp\ossproxy.exe:*:Enabled:ossproxy.exe
"C:\WINDOWS\Temp\~os11.tmp\ossproxy.exe" = C:\WINDOWS\Temp\~os11.tmp\ossproxy.exe:*:Enabled:ossproxy.exe
"c:\WINDOWS\Temp\~os9.tmp\rlvknlg.exe" = c:\WINDOWS\Temp\~os9.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe
"C:\Program Files\RelevantKnowledge\rlvknlg.exe" = C:\Program Files\RelevantKnowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Camera Window
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3B304631-1355-4A32-BEA0-494DEFB3506D}" = Nancy Drew: The Final Scene
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{509291FD-CFC8-11D6-A285-00A0CC51B2FE}" = Sound Blaster PCI128 Drivers
"{58EBC737-9828-4204-8512-E0E71BD7E792}" = Lyra System File Update Utility
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client for Internet Explorer 1.03.02
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92D34E42-4C6F-11D5-A76D-006008D256FF}" = Nancy Drew: Treasure in the Royal Tower
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD4
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB543BA1-82D4-4B45-96BF-30D0E5ED220A}" = InstallIQ Updater
"{CCF38218-BD4A-4A4D-8EBE-735569BF89F5}" = ArcSoft MediaImpression
"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2004
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AOL Instant Messenger" = AOL Instant Messenger
"Backyard Baseball 2001" = Backyard Baseball 2001
"Backyard Soccer MLS Edition" = Backyard Soccer MLS Edition
"BearShare" = BearShare
"CANONBJ_Deinstall_CNMCP4w.DLL" = Canon i450
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ewidoantimalware" = ewido anti-malware
"Google Updater" = Google Updater
"HijackThis" = HijackThis 1.99.1
"ID3man" = ID3man 3.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iMesh" = iMesh
"iMesh MediaBar" = MediaBar
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"InterActual Player" = InterActual Player
"LimeWire" = LimeWire 4.18.8
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"MouseSuite98" = Mouse Suite
"Mozilla Firefox (1.0.7)" = Mozilla Firefox (1.0.7)
"MyWebSearch bar Uninstall" = My Web Search (Popular Screensavers)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoRecord" = Canon PhotoRecord
"RegPowerClean_is1" = Winferno Registry Power Cleaner
"Shockwave" = Shockwave
"Soulseek" = SoulSeek Client 156c
"Sound Blaster PCI128 Drivers Online Help" = Sound Blaster PCI128 Drivers Online Help
"SpeedFan" = SpeedFan (remove only)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Spyware Doctor_is1" = Spyware Doctor 3.2
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtools3DLifePlayer" = Virtools 3D Life Player
"WGA" = Windows Genuine Advantage Validation Tool
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinZip" = WinZip
"Wyyo" = Wyyo 1.0 build 129
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >
  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like MBAM got most of it

How is the computer behaving now ?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\3.bin\NPMyWebS.dll File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\3.bin [2012/01/16 12:52:30 | 000,000,000 | ---D | M]
    O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL File not found
    O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL File not found
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL File not found
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h File not found
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe File not found
    O4 - HKCU..\Run: [Security Protection] C:\Documents and Settings\Guest\Application Data\defender.exe File not found
    [2011/08/02 18:00:05 | 000,113,664 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\On54RHoX.exe
    [2010/03/07 13:19:29 | 000,011,486 | -HS- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\omn2MB67

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\Temp\~osD.tmp\ossproxy.exe"=-
    "C:\WINDOWS\Temp\~os10.tmp\ossproxy.exe"=-
    "C:\WINDOWS\Temp\~os11.tmp\ossproxy.exe"=-
    "c:\WINDOWS\Temp\~os9.tmp\rlvknlg.exe"=-
    "C:\Program Files\RelevantKnowledge\rlvknlg.exe"=-
    "C:\StubInstaller.exe"=-
    "C:\Program Files\LimeWire\LimeWire.exe"=-

    :Files
    ipconfig /flushdns /c
    C:\Program Files\RelevantKnowledge
    C:\Program Files\MyWebSearch

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
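Added example, not part of this thread or of OTL: a Python triage script that applies the checks Essexboy made by hand to a few lines constructed from the logs above (the browser open command wrapped by av.exe, the Security Center, firewall and System Restore values set to disable protection, the firewall exception for an executable under Temp, the orphaned "Security Protection" Run entry, and the localhost proxy). The regexes, category names and the value table are this example's own assumptions, not anything OTL defines.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied in form from the OTL and OTL Extras
# logs posted earlier in this thread (not a complete log).
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: "C:\Documents and Settings\Embrey Family\Local Settings\Application Data\av.exe" /START "C:\PROGRA~1\MOZILL~1\FIREFOX.EXE"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/06/27 15:38:40 | 000,094,208 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"AntiVirusOverride" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\Temp\~osD.tmp\ossproxy.exe" = C:\WINDOWS\Temp\~osD.tmp\ossproxy.exe:*:Enabled:ossproxy.exe
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
O4 - HKCU..\Run: [Security Protection] C:\Documents and Settings\Guest\Application Data\defender.exe File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
"""

# Registry values that, with the data shown, switch protection off. Keyed by a
# suffix of the [bracketed] key the OTL Extras log prints above them.
RISKY_VALUES = {
    r"Microsoft\Security Center": {
        "AntiVirusDisableNotify": "1", "FirewallDisableNotify": "1",
        "UpdatesDisableNotify": "1", "AntiVirusOverride": "1", "FirewallOverride": "1"},
    r"FirewallPolicy\DomainProfile": {"EnableFirewall": "0", "DisableNotifications": "1"},
    r"FirewallPolicy\StandardProfile": {"EnableFirewall": "0", "DisableNotifications": "1"},
    r"CurrentVersion\SystemRestore": {"DisableSR": "1"},
}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# shell\open\command of each registered browser: the first quoted path is what
# really runs when the user clicks the browser icon.
OPEN_CMD_RE = re.compile(
    r'^HKEY_LOCAL_MACHINE\\software\\clients\\startmenuinternet\\([^\\]+)'
    r'\\shell\\open\\command\\\\:\s*"([^"]+)"', re.IGNORECASE)
O4_RE = re.compile(r"^O4 - .*?: \[(.+?)\] (.+?) File not found$")
PROXY_RE = re.compile(r'"ProxyServer" = \S*?(?:127\.0\.0\.1|localhost)')
UNTRUSTED_DIR_RE = re.compile(r"\\(?:Temp|Application Data)\\", re.IGNORECASE)


def triage(log_text):
    """Return (category, detail) pairs for the indicators found in OTL log text."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                      # a [registry key] header opens a new section
            current_key = m.group(1).lower()
            continue
        m = OPEN_CMD_RE.match(line)
        if m:
            client, launcher = m.group(1), m.group(2)
            # Compare only when the key name is the browser's own exe name;
            # keys such as "MSN Explorer" are skipped rather than guessed at.
            if (client.lower().endswith(".exe")
                    and launcher.rsplit("\\", 1)[-1].lower() != client.lower()):
                findings.append(("browser-launch-hijack",
                                 f"{client} is started through {launcher}"))
            continue
        m = O4_RE.match(line)
        if m:                      # autorun entry whose target no longer exists
            findings.append(("orphaned-autorun", f"[{m.group(1)}] -> {m.group(2)}"))
            continue
        if PROXY_RE.search(line):  # browser traffic forced through a local port
            findings.append(("local-proxy", line.split(": ", 1)[-1]))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group(1), m.group(2).strip()
        for key_suffix, bad in RISKY_VALUES.items():
            if current_key.endswith(key_suffix.lower()) and bad.get(name) == data:
                findings.append(("protection-disabled", f"{key_suffix}: {name} = {data}"))
        if (current_key.endswith(r"authorizedapplications\list")
                and ":*:Enabled:" in data and UNTRUSTED_DIR_RE.search(name)):
            findings.append(("firewall-exception-from-temp", name))
    return findings


def summarize(findings):
    """Count findings per category."""
    return Counter(category for category, _ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for category, detail in results:
        print(f"{category:28} {detail}")
    print(dict(summarize(results)))
```

Run against a full OTL log the same rules pick out the entries the fix above deletes, while legitimate lines such as the LimeWire exception and the MSN Explorer command are left alone.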

#23
Ben T

Ben T

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 128 posts
I can access the internet now but it's still not completely right.

After I press the RUN FIX button, I get this error message from OTL: "Cannot create file c:\WINDOWS\System 32\drivers\etc\Hosts."
  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK no problem on the Hosts file

What do you mean by not properly accessing the net?
  • 0

#25
Ben T

Ben T

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 128 posts
I can access the internet ok but can't download or delete software. It states I have no administrator privileges.

Still can't get into safe mode because arrow button doesn't work.
  • 0

#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK let's see if we can resolve these problems one at a time. Once these repairs are complete let me know what remains - I will get a safe mode repair fix going

Download Windows Repair (all in one) from this site

Install the programme then run

Go to step 2 and allow it to run Disc check
Posted Image

Once that is done then go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab select advanced mode and click start
Posted Image

Select all items I have ticked (remove the ticks from the rest) and tick restart system when finished
[attachment=55424:Capture.JPG]
  • 0

#27
Ben T

Ben T

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 128 posts
I cannot download the program directly to the infected computer. If I use a flash drive, I can load the program. But when I press "Do It", the page disappears and nothing happens.
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's use a bigger hammer


Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
  • 0

#29
Ben T

Ben T

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 128 posts
Cannot download anything on the infected computer. It always says I need administrator privileges. Won't allow downloading by flash drive either.
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, time to play outside of Windows

Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn

Install IMGBurn
  • Double click Dr Web
  • IMGBurn will open
  • Burn the ISO to a cd
  • Reboot the infected computer with the CD in the drive
  • Ensure that the first boot device is CD - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

    Posted Image
  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on “Start”.

    Posted Image
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
  • Once completed reboot to normal windows
  • No log is produced so please make a note of any deletions for me
  • Once in normal windows run a fresh OTL scan and let me know if the problems persist

  • 0
