MacroVirus and ? on XP - no media player, system restore, search
#1 Sunshine808

Hello, and thank you in advance for any help or suggestions. I no longer have the "no media player, system restore, search" issues on XP. I did try to search for hours but was missing the specific search terms. All of them started working after I read an MS support page titled "Several dialog boxes are blank" and followed its instructions to re-register the Jscript.dll file. Phew.

I still have the MacroVirus, though.

While I was trying to figure all of the above out, I decided to renew my Avast subscription, but it would not let me do the free version--only the paid--no matter how I accessed the download (either through the application or by going directly to their site). So I uninstalled it entirely, and after it rebooted, MS Security Center was saying that "MacroVirus reports that it is up to date and scanning". I uploaded MS Security Essentials since, performed a quick initial scan, and nothing was detected. I ran a full, four-hour-long Malwarebytes scan of my main and external drives and it turned up nothing. Now Security Center says there are two antiviruses running. CCleaner's startup component tells me that MacroVirus's boot .exe is on there, but disabled. When I try to go to the folder it says it is in (C:\Program Files\MacroVirus\MacroVirus.exe -boot), it is not there, and I have all files showing. I have the .txt file for CCleaner, if needed.

Here is my OTL log (thanks again in advance)
XXXXXX

OTL logfile created on: 2/3/2012 5:12:21 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\xxx\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.22 Gb Total Physical Memory | 0.40 Gb Available Physical Memory | 32.85% Memory free
1.41 Gb Paging File | 0.72 Gb Available in Paging File | 50.94% Paging File free
Paging file location(s): C:\pagefile.sys 336 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 16.88 Gb Free Space | 45.30% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/03 16:30:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff Spaur\Desktop\OTL.exe
PRC - [2012/02/01 15:20:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/18 23:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/11/09 10:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 14:12:33 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Restore\rstrui.exe
PRC - [2008/04/13 14:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/08 21:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/06/23 17:07:58 | 000,036,960 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
PRC - [2004/06/16 13:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/05/13 11:46:02 | 000,053,248 | ---- | M] () -- c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
PRC - [2003/05/23 10:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2001/09/10 16:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE


========== Modules (No Company Name) ==========

MOD - [2012/02/01 15:20:22 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/22 20:55:28 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/08 10:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/04/13 14:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2004/05/13 11:46:02 | 000,053,248 | ---- | M] () -- c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (brmfrmps)
SRV - [2011/08/18 23:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/04/17 06:47:54 | 000,071,168 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2008/11/09 10:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/08/08 21:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/04/03 18:12:14 | 000,014,032 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/06/23 17:07:58 | 000,036,960 | ---- | M] (COMPAL ELECTRONIC INC.) [Auto | Running] -- C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe -- (CeEPwrSvc)
SRV - [2004/06/16 13:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/05/13 11:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/05/23 10:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2001/09/10 16:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)


========== Driver Services (SafeList) ==========

DRV - [2012/02/03 16:36:27 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3C4D9A3-FA36-4FB1-A9DC-D8089D2C656F}\MpKsl09221f6a.sys -- (MpKsl09221f6a)
DRV - [2011/08/18 23:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2011/08/18 23:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2007/06/14 15:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/02/02 03:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 03:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/30 13:09:54 | 000,004,224 | ---- | M] (Compal Electronic Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hkdrv.sys -- (EPOWER)
DRV - [2004/08/24 08:11:01 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/08/19 11:03:08 | 000,005,248 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ECioctl.sys -- (SrvcEPECioctl)
DRV - [2004/08/03 12:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/30 12:05:08 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2004/07/30 12:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EPIOMngr.sys -- (SrvcEPIOMngr)
DRV - [2004/07/30 12:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2004/06/25 08:00:18 | 000,336,244 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2004/06/25 07:37:34 | 000,036,736 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2004/06/25 07:37:22 | 000,058,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2004/06/21 13:53:20 | 000,626,204 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/06/16 08:19:58 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004/06/10 19:57:04 | 000,746,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/05/28 09:45:02 | 000,390,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/02/24 08:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/02/20 12:00:44 | 001,265,388 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/30 07:32:32 | 000,090,480 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2004/01/01 23:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel®
DRV - [2003/11/20 07:25:20 | 000,033,847 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wA301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55})
DRV - [2003/08/13 12:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/06/11 05:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/01/29 11:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2001/09/10 16:09:46 | 000,057,392 | ---- | M] (Macrovision) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla)
DRV - [2000/07/23 22:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - C:\Program Files\Games.com Toolbar\gamescomtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://oc-startpage.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.1.*;192.168.2.*;192.168.0.*;127.0.0.*

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://us.mg5.mail.y...com/neo/launch"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/01 15:20:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/03 15:37:25 | 000,000,000 | ---D | M]

[2009/10/24 19:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\xxx\Application Data\Mozilla\Extensions
[2012/02/03 15:38:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\fcupro20.default\extensions
[2011/08/31 08:41:46 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\fcupro20.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2012/02/03 15:38:04 | 000,000,000 | ---D | M] (Games.com Toolbar) -- C:\Documents and Settings\xxxx\Application Data\Mozilla\Firefox\Profiles\fcupro20.default\extensions\{493b4069-8c4f-4b4a-8f8c-506200c9887a}
[2012/01/25 05:56:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\xx\Application Data\Mozilla\Firefox\Profiles\fcupro20.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/07 18:42:32 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\xx\Application Data\Mozilla\Firefox\Profiles\fcupro20.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2012/01/13 07:08:57 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\fcupro20.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/12/19 18:21:44 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\fcupro20.default\extensions\[email protected]
[2011/12/28 06:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/15 06:53:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/01 15:20:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 07:56:58 | 000,289,592 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2011/05/04 07:56:38 | 000,172,344 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 18:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 18:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5626a00f-7cfe-4e9e-a9cf-f99fe565d289} - No CLSID value found.
O2 - BHO: (Games.com Toolbar Loader) - {b07040d6-4cb3-4af4-8a5c-038b7cd8a5d8} - C:\Program Files\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Games.com Toolbar) - {9da1bcf1-77f5-41c5-b7c3-c597dc20752c} - C:\Program Files\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Games.com Toolbar) - {9DA1BCF1-77F5-41C5-B7C3-C597DC20752C} - C:\Program Files\Games.com Toolbar\gamescomtb.dll (AOL Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {7E59EBD3-1A7A-4A60-A54E-84E928C2C836} http://webre1.hawaii...PhotoLoader.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 24.25.227.55 209.18.47.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A55829A-3F53-4A50-AF93-62E696FD3CFA}: DhcpNameServer = 192.168.1.1 24.25.227.55 209.18.47.61
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\xxxx\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\xxx\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/03 16:30:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff Spaur\Desktop\OTL.exe
[2012/02/03 16:10:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/02/03 16:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/02/03 15:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xxx\Local Settings\Application Data\Games.com Toolbar
[2012/02/03 15:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\Games.com Toolbar
[2012/02/03 15:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Games.com Toolbar
[2012/02/03 15:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2012/02/03 13:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DownloadX ActiveX Download Control 1.6
[2012/02/03 13:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings/xxx\Application Data\OpenCandy
[2012/02/03 13:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadXCtrl.com
[2012/02/03 13:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2012/01/27 20:15:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\xxx\Recent
[2004/08/19 11:00:02 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\ECioctl.dll
[2004/06/10 22:27:12 | 000,131,072 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2012/02/03 17:17:09 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/02/03 16:30:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xxxx\Desktop\OTL.exe
[2012/02/03 16:16:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/03 16:11:19 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/02/03 16:10:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/03 15:59:25 | 000,015,426 | ---- | M] () -- C:\Documents and Settings\xxx\My Documents\cc_20120203_155919.reg
[2012/02/03 15:50:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/03 15:50:12 | 1307,037,696 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/03 15:50:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/02/03 15:48:17 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/02/03 15:26:45 | 000,464,206 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/03 15:26:45 | 000,081,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/03 14:59:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2012/02/03 14:41:58 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\xxx\Desktop\Windows Media Player.lnk
[2012/02/03 14:39:46 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/02/03 14:39:46 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/02/03 14:37:48 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/03 12:44:48 | 000,183,808 | ---- | M] () -- C:\Documents and Settings\xx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/27 20:18:17 | 000,005,340 | ---- | M] () -- C:\Documents and Settings\xx\My Documents\cc_20120127_201813.reg
[2012/01/22 13:08:52 | 000,058,490 | ---- | M] () -- C:\Documents and Settings\xx\My Documents\xxxxxRetweet2.jpg
[2012/01/21 11:20:16 | 000,037,679 | ---- | M] () -- C:\Documents and Settings\xxx\My Documents\xxxxRetweet.jpg
[2012/01/19 10:34:33 | 000,184,669 | ---- | M] () -- C:\Documents and Settings\xxx\My Documents\xxxx-WhoIs.jpg
[2012/01/19 10:31:12 | 000,174,232 | ---- | M] () -- C:\Documents and Settings\xxx\My Documents\xxxx.jpg
[2012/01/19 10:29:04 | 000,156,621 | ---- | M] () -- C:\Documents and Settings\xxx\My Documents\xxxxh.jpg
[2012/01/19 08:42:46 | 000,065,427 | ---- | M] () -- C:\Documents and Settings\xxx\My Documents\xxxx.jpg
[2012/01/15 05:59:16 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\xxx\Desktop\Microsoft Office Word 2003.lnk
[2012/01/14 06:35:57 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk

========== Files Created - No Company Name ==========

[2012/02/03 16:19:32 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/02/03 16:16:04 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/03 16:11:19 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/02/03 16:10:46 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/03 15:59:24 | 000,015,426 | ---- | C] () -- C:\Documents and Settings\xxxx\My Documents\cc_20120203_155919.reg
[2012/02/03 14:41:58 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Jxxxx\Desktop\Windows Media Player.lnk
[2012/02/03 14:39:24 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\xxxx\Start Menu\Programs\Windows Media Player.lnk
[2012/02/03 14:37:33 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/01/27 20:18:15 | 000,005,340 | ---- | C] () -- C:\Documents and Settings\xxxx\My Documents\cc_20120127_201813.reg
[2012/01/22 13:08:52 | 000,058,490 | ---- | C] () -- C:\Documents and Settings\xxxx\My Documents\xxxx2.jpg
[2012/01/21 11:20:16 | 000,037,679 | ---- | C] () -- C:\Documents and Settings\xxxx\My Documents\xxxx.jpg
[2012/01/19 10:34:33 | 000,184,669 | ---- | C] () -- C:\Documents and Settings\xxx\My Documents\xxxxs.jpg
[2012/01/19 10:31:11 | 000,174,232 | ---- | C] () -- C:\Documents and Settings\xxxxx\My Documents\xxxx.jpg
[2012/01/19 10:29:04 | 000,156,621 | ---- | C] () -- C:\Documents and Settings\Jxxx\My Documents\xxx.jpg
[2012/01/19 08:42:45 | 000,065,427 | ---- | C] () -- C:\Documents and Settings\xxxx\My Documents\xxx.jpg
[2012/01/14 06:35:57 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/14 06:35:57 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/31 08:55:16 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/08/18 23:26:20 | 010,898,456 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/08/18 23:26:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/08/18 23:26:20 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/07/25 20:48:54 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/02/11 19:18:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/17 06:48:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2010/04/17 06:47:54 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2010/04/17 06:47:54 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31c.exe
[2010/04/17 06:47:54 | 000,071,168 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31s.exe
[2010/04/17 06:47:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2009/11/03 08:23:43 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2009/11/03 07:56:31 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/04/23 16:50:42 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2009/04/23 16:50:41 | 000,000,368 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/10/30 19:52:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\amcap.exe
[2007/01/23 14:00:18 | 000,009,369 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Comma Separated Values (Windows).EML
[2006/10/17 13:29:56 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2006/10/17 13:29:54 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\ZFExt.dll
[2006/09/28 14:51:34 | 000,000,634 | ---- | C] () -- C:\WINDOWS\Tiger5.INI
[2006/09/28 09:04:59 | 000,000,316 | ---- | C] () -- C:\WINDOWS\Tiger6.INI
[2006/06/07 17:46:03 | 000,009,349 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft Excel.EML
[2006/06/05 16:07:21 | 000,587,182 | ---- | C] () -- C:\Documents and Settings\xxxx\Application Data\fontlst2.opf
[2006/06/04 10:19:25 | 000,038,462 | ---- | C] () -- C:\Documents and Settings\Jxxxxx\Application Data\Microsoft Excel.ADR
[2006/03/28 11:04:36 | 000,000,026 | ---- | C] () -- C:\WINDOWS\usbinstall.INI
[2006/03/09 00:17:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/12/20 09:05:20 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2005/09/01 18:36:27 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/08/30 18:19:49 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\xxx\Local Settings\Application Data\fusioncache.dat
[2005/08/25 13:12:10 | 000,038,479 | ---- | C] () -- C:\Documents and Settings\xxxx\Application Data\Comma Separated Values (Windows).ADR
[2005/08/07 07:50:41 | 000,183,808 | ---- | C] () -- C:\Documents and Settings\xxxx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/19 13:55:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2005/06/15 09:26:32 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/05/17 16:10:19 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2005/05/17 16:10:19 | 000,000,013 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2005/05/17 16:10:19 | 000,000,012 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2005/05/17 16:10:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bw5170dn.ini
[2005/05/17 16:09:58 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2005/05/11 14:32:01 | 000,000,050 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2005/05/11 14:32:01 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2005/05/11 14:25:53 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\m8820def.dat
[2005/05/11 07:34:57 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2005/05/11 07:34:56 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\NSSearch.dll
[2005/05/11 07:34:56 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\BRMSL07F.BIN
[2005/05/11 07:24:53 | 000,000,410 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2005/05/11 07:24:53 | 000,000,090 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2005/05/11 07:24:53 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\m8420def.dat
[2005/05/11 07:24:53 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2005/05/11 07:22:03 | 000,000,806 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2005/05/11 07:14:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CePMTray.INI
[2005/05/10 13:24:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\_isusr32.dll
[2005/05/10 11:44:57 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2005/03/25 23:39:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/25 23:38:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/03/25 23:38:31 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/03/25 23:38:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/03/25 23:38:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/03/25 23:38:31 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/03/25 23:38:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/03/25 23:37:50 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/25 13:44:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2004/08/24 10:49:48 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2004/08/24 08:09:21 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/08/24 07:52:45 | 000,001,015 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/08/24 07:27:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/08/24 07:01:53 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\EMCRI.dll
[2004/08/24 06:52:09 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/08/24 06:52:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/08/24 06:52:09 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/08/24 06:52:09 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/08/24 06:38:05 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/08/24 06:38:05 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/08/24 06:38:05 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxhweq.dat
[2004/08/23 14:03:13 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2004/08/23 14:03:13 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/08/23 13:48:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/23 13:42:54 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/23 13:41:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/23 13:35:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/23 13:34:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/23 12:53:33 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/23 12:48:26 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/23 12:48:17 | 000,464,206 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/23 12:48:17 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/23 12:48:17 | 000,081,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/23 12:48:17 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/23 12:48:14 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/23 12:48:12 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/23 12:48:08 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/23 12:47:56 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/23 12:47:56 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/23 12:47:27 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/23 12:47:09 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/23 06:29:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/23 06:28:38 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 11:03:08 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\ECioctl.sys
[2004/06/10 19:46:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/06/10 19:44:56 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/11/25 16:42:44 | 000,000,231 | ---- | C] () -- C:\WINDOWS\System32\scnwpm.dat
[2002/08/12 05:19:42 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/01/08 13:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999/01/22 08:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2012/02/03 15:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/02/03 15:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Games.com Toolbar
[2005/11/22 15:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/10/15 11:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2008/05/15 16:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2012/02/03 13:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/08/07 15:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2009/10/25 09:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sharp
[2005/06/10 11:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUIIMAGE
[2005/09/14 09:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xx\Application Data\Aim
[2012/01/27 20:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xx\Application Data\FileZilla
[2005/11/22 15:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxr\Application Data\HotSync
[2011/11/26 09:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Image Zone Express
[2004/08/24 07:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xx xxxx\Application Data\InterTrust
[2004/08/25 12:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\InterVideo
[2011/11/26 09:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxx\Application Data\KadooFileUploader.9BC773BD313E6BC33B1E00B6777BA65368671B30.1
[2005/11/22 15:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xx\Application Data\Leadertech
[2009/10/25 09:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xx x\Application Data\LimeWire
[2007/10/09 16:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\MSNInstaller
[2011/07/13 11:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\Notepad++
[2012/02/03 13:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\OpenCandy
[2005/06/09 18:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\PPIMAGES
[2011/10/12 17:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\SendSpace Wizard
[2006/06/05 16:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\Sharpdesk
[2011/05/29 21:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\SystemRequirementsLab
[2005/05/11 07:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\Template
[2004/08/24 07:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\toshiba
[2011/06/02 06:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2008/11/17 14:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\Viewpoint
[2010/02/22 22:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\VS Revo Group
[2011/10/30 10:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\VSRevoGroup
[2011/05/04 08:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\webex
[2011/03/21 07:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\Windows Live Writer
[2012/02/03 16:16:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/02/03 17:17:09 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========



< End of report >

Edited by Sunshine808, 04 February 2012 - 01:22 AM.

  • 0

#2
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
I don't see it running. It's not uncommon for Windows Security Center to make a mistake like that.

One thing I do see that you probably don't want running is
SRV - [2001/09/10 16:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)

Copy the next line:

sc config C-DillaSrv start= disabled

Start, Run, cmd, OK then right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.

Now type (with an Enter after the line):

net  stop  C-DillaSrv

(That should stop it or tell you it is not running)




Let's run Combofix. It has a mechanism for clearing up Windows Security Center mistakes tho we will need to run it a second time.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Ron
  • 0
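The SRV line Ron quotes follows OTL's fixed entry layout, and the file and LOP sections of the log above use the same bracketed header, so a reviewer can pull the interesting entries out of a log mechanically. The block below is an added Python example, not code from the thread or from OTL; its sample lines are constructed from entries quoted on this page plus one made-up Microsoft service line.

```python
"""Triage helper for OTL log lines (added example, not code from the thread or OTL).

OTL prints a service as
  SRV - [date | size | attrs | C/M] (Publisher) [Start | State] -- path -- (ServiceName)
and a file or folder as
  [date | size | attrs | C/M] () -- path
where the trailing flag is C (created) or M (modified) and a D in attrs marks a folder.
"""
import re
from datetime import datetime

HEADER = r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\]"
SRV_RE = re.compile(r"^SRV - " + HEADER
                    + r" \(([^)]*)\) \[(\w+) \| (\w+)\] -- (.+?) -- \((.+)\)$")
FILE_RE = re.compile(r"^" + HEADER + r"(?: \(([^)]*)\))? -- (.+)$")

# Constructed sample: the C-Dilla service and a few file lines quoted in this thread,
# plus one made-up Microsoft service line so the publisher filter has something to pass.
SAMPLE_LOG = r"""
SRV - [2001/09/10 16:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)
SRV - [2008/04/14 00:12:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\svchost.exe -- (wuauserv)
[2012/02/03 15:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2004/08/23 13:41:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/02/03 17:17:09 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
========== Purity Check ==========
"""

def _stamp(ts):
    return datetime.strptime(ts, "%Y/%m/%d %H:%M:%S")

def parse_line(line):
    """Return a dict for a service, file or folder line; None for headings and blanks."""
    m = SRV_RE.match(line)
    if m:
        ts, size, attrs, flag, publisher, start, state, path, name = m.groups()
        return {"kind": "service", "time": _stamp(ts), "size": int(size.replace(",", "")),
                "attrs": attrs, "flag": flag, "publisher": publisher,
                "start": start, "state": state, "path": path, "name": name}
    m = FILE_RE.match(line)
    if m:
        ts, size, attrs, flag, publisher, path = m.groups()
        return {"kind": "folder" if "D" in attrs else "file", "time": _stamp(ts),
                "size": int(size.replace(",", "")), "attrs": attrs, "flag": flag,
                "publisher": publisher or "", "path": path}
    return None

def parse_log(text):
    return [e for e in (parse_line(l.strip()) for l in text.splitlines()) if e]

def autostart_services_not_from(entries, trusted="Microsoft"):
    """Auto-start services whose publisher field is not the trusted vendor: the
    first thing a reviewer reads in an OTL log, and the filter behind Ron's call above."""
    return [e["name"] for e in entries
            if e["kind"] == "service" and e["start"] == "Auto"
            and trusted.lower() not in e["publisher"].lower()]

def changed_since(entries, day):
    """Paths with a timestamp on or after 'day' (YYYY/MM/DD), newest first: the
    entries to look at when the problem is believed to have started recently."""
    since = datetime.strptime(day, "%Y/%m/%d")
    recent = sorted((e for e in entries if e["time"] >= since),
                    key=lambda e: e["time"], reverse=True)
    return [e["path"] for e in recent]

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("auto-start, non-Microsoft:", autostart_services_not_from(entries))
    print("changed since 2012/02/01:", changed_since(entries, "2012/02/01"))
```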

#3
Sunshine808

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Awesome, RKinner, thanks for the help!

The command prompt indicated that C-Dilla service has been successfully stopped.

However, I followed the directions for combofix and right after I double clicked on the icon from my desktop my computer beeped and a warning appeared: "combofix has detected the following real time scanners to be active: antivirus: Macrovirus"...and something about me causing potential harm to my system if I continue, but I clicked 'okay' anyway and my computer beeped again, the warning box appeared: Antivirus: Macrovirus is still active but combofix shall continue to run. Kindly note that this is at your own risk.

I powered off my computer because combofix does not give a way to terminate the process along with the warnings, and came back here.

Should I do combofix in light of these warnings that MacroVirus is running active scans? I don't have another computer handy to troubleshoot what might occur on this one. :(

Edited by Sunshine808, 05 February 2012 - 11:18 AM.

  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Combofix gets its info in the same way that Security Center does. There is really no sign of it running so you should let CF do its thing.
  • 0

#5
Sunshine808

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Thank you RKinner!

I am replying from someone else's computer, away from home.

When I left the Auto Scan had already been scanning for 3 hours, with the screen saying it typically takes about ten and sometimes can double if there are seriously infected files. I have not disturbed the process or clicked on anything since it downloaded the recovery console. From the sound of the fan and the drive light on I gather that it's not locked or frozen, but I really don't know.

So, if I return home and it's still on that screen after maybe six hours...what should I do, power off and reboot? Try again?
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Hopefully it will be finished. The 10 minutes hasn't been true for a while but it never got updated. After 6 hours tho it should be done if it's going to work. Sometimes you can get it to work with

Start, Run, combofix.exe /killall, OK (Uninstall MBAM first as it doesn't like the killall command.)

Other times we have to go into Safe Mode with Networking:

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)
  • 0

#7
Sunshine808

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Thank you very much!

So, I understand that if I get home and it's still in the same state the combofix.exe /killall command will get it to work, meaning run all of the way through? Sorry, I am not sure what you are referring to with MBAM. Also, it's okay to run the process then twice?

Thanks!
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
The hope is that if it doesn't finish in 6 hours you can restart Windows and get it to work that way.
You can run it as many times as you like until you get it to go all the way through.

MBAM is MalwareBytes AntiMalware.
  • 0

#9
Sunshine808

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Hi RKinner.

I did as instructed to run combofix in safe mode with networking, let the auto scan go for an hour before I tried to stop it with command prompt, at which time it did freeze so I powered off the computer.

I noticed that user accounts are different in normal and safe mode. In normal mode I can opt to log in to 'pooch' (this is what I ran the otl under) or 'guest'. In safe mode I had the options for 'admin' or 'pooch' (which is admin in the other mode). I don't know if this matters. I chose 'admin' to run combofix while in safe mode with networking.

Thank you.
  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
It's normal to get the Admin account showing up in XP Safe Mode. On XP Home this has no password by default so it's a way of getting in if you forget your password. Doesn't really matter which account you run Combofix in but if you put it on your desktop in regular mode then boot to Admin in Safe Mode you won't see Combofix on the desktop.

Supposedly once you run Combofix once you can run it with Start, Run without the full path. You can try

combofix /killall

or

ComboFix /SkipFix

or

Combofix /nombr

and see if it will run through with any of them.

If it says it can't find the file then you will need the full path to Combofix. If it's on the desktop then:

"\Documents and Settings\Jeff Spaur\Desktop\combofix" /killall

(You need the quotation marks)

Ron
  • 0

#11
Sunshine808

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Thanks, Ron, for explaining the user account thing as it's come up before.

Okay, I just want to make sure that I understand what I am to do next, and it is still going to be to try to run combofix (?):
1) log in under safe mode with networking
2) try to run combofix first by start>run> combofix /killall and if that does not work then try entering ComboFix /SkipFix and if that does not work then try entering Combofix /nombr in command prompt and if none of them work enter full paths

My biggest question would be what is the maximum amount of time that I should be waiting for it to run?

Thank you!

Edited by Sunshine808, 06 February 2012 - 02:33 PM.

  • 0

#12
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Yes, tho if the first time you tell it combofix /killall it says it doesn't know where the file is, then go directly to using the full path. Remember to pause your anti-virus any time you download or run Combofix and don't let it do any scans or it will probably remove some of Combofix's components.

This is XP so the first thing it usually does (after the disclaimer and checking for updates) is to want to install the Recovery Console (it may have done that already). Let it. Once it has done that you need to Agree to Microsoft's terms, then the real Combofix will start.

Once it gets past the extraction phase (which it only needs to do the first time you run it) it will start going through its stages. Last time I looked there were about 50 of them.

Sometimes it helps to turn off the screensaver before running Combofix. That way you will be able to see what is happening.

If it hangs at a certain stage then that may tell the designer where it went wrong.

Usually when it finishes it will reboot and then generate the log.

It usually puts the log in C:\combofix.txt. When you run it a second time the old log gets moved to C:\qoobox\combofix(some number).txt. You might look there after you run it the second time and see if there is an old log.

The key to Combofix is watching the hard drive light. When it stops flickering for a long period of time then it may be hung but if it is still flickering let it run. I have seen it run for 3 hours before it finished.

Ron
  • 0

#13
Sunshine808

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Ron, thanks for all of your help. I started in safe mode with networking and tried all three in the run dialog box and for all of them it said "windows cannot find combofix".

I tried typing the full path, with the suggested user, and it said "cannot find 'documents'". I tried to navigate the path in Windows Explorer to make sure that I had it right and under that user it said 'access denied'. I did find combofix under C:\Documents and Settings\Administrator\Desktop\combofix so I entered that in the run dialog box. The program launched and hung for 15 minutes without the hard drive light flickering at all so I powered the computer off. Should I have waited longer?

Thanks.
  • 0

#14
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
You need the quotation marks around the path if it contains a space:

"C:\Documents and Settings\Administrator\Desktop\combofix"

Did you try the above path with the three options?

"C:\Documents and Settings\Administrator\Desktop\combofix" /killall

"C:\Documents and Settings\Administrator\Desktop\combofix" /SkipFix

"C:\Documents and Settings\Administrator\Desktop\combofix" /nombr

Without an option it is the same as double clicking on Combofix.
  • 0

#15
Sunshine808

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
In safe mode with networking, the blue Auto Scan screen hangs for all of these commands:

"C:\Documents and Settings\Administrator\Desktop\combofix"
"C:\Documents and Settings\Administrator\Desktop\combofix" /killall
"C:\Documents and Settings\Administrator\Desktop\combofix" /SkipFix
"C:\Documents and Settings\Administrator\Desktop\combofix" /nombr

One thing I am doing which I am not sure if I should is selecting it to boot in XP from the boot menu, after selecting safe mode with networking.

Thanks for all of the help. I am wondering in the midst of all this how safe it is for me to be sending e-mails with images/videos, logging onto things like admin for websites--just how safe my computer is overall. I have read a lot, maybe too much by now, and from what I understand if there is a macrovirus on here and there were an accompanying malicious trojan, worm, keylogger, whatever--the Avast, Microsoft Security Essentials, and MBAM would have picked it up in their full scans, yes?

My computer runs fine otherwise--pretty darn fast for a geezer--and especially since I took Avast off.

Edited by Sunshine808, 08 February 2012 - 09:40 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP