Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

search engine virus

Started by theprefixx , Apr 30 2012 04:07 PM

  • Please log in to reply

#31
theprefixx
Posted 01 May 2012 - 01:29 PM

theprefixx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
OTL logfile created on: 5/1/2012 2:59:27 PM - Run 4
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.86 Mb Total Physical Memory | 246.01 Mb Available Physical Memory | 24.26% Memory free
2.38 Gb Paging File | 1.32 Gb Available in Paging File | 55.56% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 121.05 Gb Free Space | 83.99% Space Free | Partition Type: NTFS

Computer Name: YOUR-YECX24RTR5 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 18:41:54 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/04/25 20:26:32 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/02/03 15:14:44 | 000,108,032 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2011/06/17 13:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2010/12/15 19:03:02 | 000,080,448 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/13 16:07:36 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\YouCam\YouCamTray.exe
PRC - [2010/09/13 16:07:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/19 11:32:43 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/06 16:20:10 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 13:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/07/10 16:35:14 | 000,700,416 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2009/07/05 22:34:52 | 000,096,792 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\PersistenceThread.exe
PRC - [2009/06/25 11:25:40 | 000,712,704 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2009/05/08 16:54:20 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2009/03/25 10:43:40 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 08:00:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sndvol32.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/29 15:14:25 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/04/25 20:26:31 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/13 03:15:28 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
MOD - [2009/06/25 11:25:40 | 000,712,704 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
MOD - [2009/06/25 10:15:22 | 000,135,168 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\Enumeration.dll
MOD - [2009/03/23 17:55:50 | 000,176,128 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\Parser.dll
MOD - [2009/03/23 17:53:46 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\ClientSocket.dll
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/29 15:14:26 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/25 20:26:33 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/19 11:32:43 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [File_System | Boot | Stopped] -- system32\drivers\23689096.sys -- (13822794)
DRV - [2010/09/13 16:07:38 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\clwvd.sys -- (clwvd)
DRV - [2009/11/06 13:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 13:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 13:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/05/12 05:18:54 | 005,080,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/27 16:43:42 | 001,529,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/02 01:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/18 21:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/08 15:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...mrud=06-07-2010

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?...susaimc00000001
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.aol.com/?...susaimc00000001
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...mrud=06-07-2010
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.bing.com/...015&form=ZGAIDF
IE - HKCU\..\SearchScopes\{c8a2333d-6a50-42f0-922a-95c1c57f7aa6}: "URL" = http://slirsredirect...u10aiminstabie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php\r"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 20:26:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/30 20:43:36 | 000,000,000 | ---D | M]

[2002/02/02 03:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/05/01 12:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b5oi9ciu.default\extensions
[2012/04/30 20:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/30 20:08:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/25 20:26:33 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/30 20:07:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/30 18:27:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/30 18:27:07 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/04/30 20:55:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [EasyMode] C:\Program Files\ASUS\Easy Mode\Easy Mode.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k File not found
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PersistenceThread] C:\WINDOWS\System32\PersistenceThread.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Advanced Registry Optimizer.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA9C2F20-38F8-4BA5-88D7-3821A001A793}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (ows\s) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/17 14:09:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SQLBrowser - File not found
NetSvcs: dwmrcs - File not found
NetSvcs: cpqfcalm - File not found
NetSvcs: marvinbus - File not found
NetSvcs: sfhlp02 - File not found
NetSvcs: Si3132r5 - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

SafeBootMin: 13822794.sys - system32\drivers\23689096.sys File not found
SafeBootMin: 85636699.sys - Driver
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WebrootSpySweeperService - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SafeBootMin: WRConsumerService - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: 13822794.sys - system32\drivers\23689096.sys File not found
SafeBootNet: 85636699.sys - Driver
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WebrootSpySweeperService - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SafeBootNet: WRConsumerService - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056

========== Files/Folders - Created Within 30 Days ==========

[2012/05/01 10:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/05/01 10:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/01 10:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/01 10:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/01 09:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/05/01 09:51:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/05/01 09:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/05/01 09:49:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/30 21:27:29 | 000,000,000 | -HSD | C] -- C:\found.002
[2012/04/30 21:12:26 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/30 20:39:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/30 20:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/30 20:08:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/30 20:08:26 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/30 20:08:26 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/30 20:08:26 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/30 18:41:56 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/04/30 00:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2012/04/30 00:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2012/04/29 15:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2012/04/29 15:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/04/29 15:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/04/29 11:21:31 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/29 11:21:30 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/29 10:52:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2012/04/29 10:52:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1000000.07D
[2012/04/29 10:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/04/29 10:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2012/04/29 10:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/04/29 10:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/04/29 10:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/04/25 20:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/04/25 20:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/01 15:09:55 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0F0922F3-7EF3-41E1-B2E6-AA59525CF498}.job
[2012/05/01 14:35:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/01 10:50:17 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/05/01 10:33:26 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/05/01 08:55:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/30 21:17:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/30 21:00:55 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/30 20:55:38 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/04/30 20:07:52 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/30 20:07:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/30 20:07:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/30 20:07:52 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/30 20:07:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/04/30 18:41:54 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/04/30 00:22:46 | 000,021,126 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attachments_2012_04_30.zip
[2012/04/30 00:18:27 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2012/04/30 00:15:09 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/04/30 00:15:09 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/04/29 15:14:26 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/29 15:14:25 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/29 10:54:39 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\isolate.ini
[2012/04/29 10:54:38 | 000,003,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.inf
[2012/04/29 10:54:38 | 000,001,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.inf
[2012/04/29 10:54:38 | 000,001,389 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.inf
[2012/04/29 10:54:37 | 000,001,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.inf
[2012/04/29 10:54:36 | 000,001,754 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\ccHPx86.inf
[2012/04/29 10:54:35 | 000,000,641 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.inf
[2012/04/29 10:52:15 | 000,013,089 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.cat
[2012/04/29 10:52:15 | 000,010,659 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.cat
[2012/04/29 10:52:15 | 000,010,621 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.cat
[2012/04/29 10:52:15 | 000,010,617 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.cat
[2012/04/29 10:52:14 | 000,010,613 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.CAT
[2012/04/29 10:52:14 | 000,010,609 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\ccHPx86.cat
[2012/04/27 16:22:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/20 17:00:13 | 000,001,632 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L5680B4036F7E4EDCA1E52C2F8BBAB411.job
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/01 10:48:20 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/05/01 10:33:26 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/04/30 21:00:55 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/30 00:22:51 | 000,021,126 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attachments_2012_04_30.zip
[2012/04/30 00:15:09 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/04/30 00:15:09 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/04/29 11:21:42 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/29 10:54:38 | 000,003,375 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.inf
[2012/04/29 10:54:38 | 000,001,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.inf
[2012/04/29 10:54:38 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.inf
[2012/04/29 10:54:38 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\isolate.ini
[2012/04/29 10:54:36 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\ccHPx86.inf
[2012/04/29 10:54:36 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.inf
[2012/04/29 10:54:34 | 000,000,641 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.inf
[2012/04/29 10:52:15 | 000,013,089 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.cat
[2012/04/29 10:52:15 | 000,010,659 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.cat
[2012/04/29 10:52:15 | 000,010,621 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.cat
[2012/04/29 10:52:15 | 000,010,617 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.cat
[2012/04/29 10:52:14 | 000,010,613 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.CAT
[2012/04/29 10:52:14 | 000,010,609 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\ccHPx86.cat
[2011/04/25 22:45:04 | 000,000,250 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/07/03 16:19:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

========== Custom Scans ==========

< >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST9160301AS
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 144.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 5.00GB
Starting Offset: 154750417920
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 159998146560
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2009/12/25 10:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2010/03/05 21:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2012/05/01 10:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2012/03/10 11:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ArcSoft
[2011/01/25 10:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ASUS
[2011/01/31 21:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CyberLink
[2010/07/11 14:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EmailNotifier
[2011/04/19 20:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2009/08/17 14:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2009/08/17 14:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2012/02/25 19:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Kodak
[2009/12/19 23:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2011/04/25 22:45:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2002/02/02 03:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2009/12/25 13:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ooVoo Details
[2010/03/30 12:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\oovootb
[2011/02/01 13:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2011/02/03 00:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sammsoft
[2010/07/03 18:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skype
[2010/07/03 16:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\skypePM
[2011/02/07 20:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2011/02/01 13:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2011/04/25 22:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/10/31 18:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2011/02/02 00:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2009/12/19 11:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Webroot

< MD5 for: ATAPI.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/14 08:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2008/04/14 08:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/25 20:26:23 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/25 20:26:23 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/25 20:26:23 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/25 20:26:32 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/25 20:26:32 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/25 20:26:32 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/12/20 08:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/12/20 08:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/12/20 08:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\NetworkService\Local Settings\Application Data\nie.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/25 20:26:23 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/25 20:26:23 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/25 20:26:23 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/25 20:26:32 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/25 20:26:32 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/25 20:26:32 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/12/20 08:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/12/20 08:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/12/20 08:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\NetworkService\Local Settings\Application Data\nie.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe"

< %systemroot%\system32\*.dll /lockedfiles >
[2009/11/06 13:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wrLZMA.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >
  • 0

Advertisements

#32
RKinner
Posted 01 May 2012 - 02:30 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I don't think you ran Combofix yet.


ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:
  • 0

#33
theprefixx
Posted 02 May 2012 - 10:31 AM

theprefixx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
ComboFix 12-05-01.03 - Owner 05/02/2012 11:48:00.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.594 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\compstuff\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\66121.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\QPSched.dll
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 04:07 . 2012-05-02 07:25 -------- d-----w- c:\windows\SxsCaPendDel
2012-05-02 03:35 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-05-02 03:35 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-05-01 14:27 . 2012-05-01 14:27 -------- d-----w- c:\program files\iPod
2012-05-01 14:26 . 2012-05-01 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-01 14:26 . 2012-05-01 14:33 -------- d-----w- c:\program files\iTunes
2012-05-01 13:52 . 2012-05-01 13:52 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-05-01 13:49 . 2012-05-01 13:49 -------- d-----w- c:\program files\Bonjour
2012-05-01 01:27 . 2012-05-01 01:27 -------- d-----w- C:\found.002
2012-05-01 01:12 . 2012-05-01 01:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-01 00:39 . 2012-05-01 00:39 -------- d-----w- C:\_OTL
2012-05-01 00:14 . 2012-05-01 00:14 -------- d-----w- c:\program files\Common Files\Java
2012-05-01 00:08 . 2012-05-01 00:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-30 04:20 . 2012-04-30 04:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2012-04-29 19:14 . 2012-04-29 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2012-04-29 19:14 . 2012-04-29 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-04-29 19:14 . 2012-04-30 04:15 -------- d-----w- c:\program files\McAfee Security Scan
2012-04-29 15:21 . 2012-04-29 19:14 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-29 15:21 . 2012-04-29 19:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-29 14:52 . 2012-04-29 14:52 -------- d-----w- c:\windows\system32\drivers\NIS
2012-04-29 14:52 . 2012-04-29 14:52 -------- d-----w- c:\program files\Windows Sidebar
2012-04-29 14:51 . 2012-04-29 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-04-29 14:46 . 2012-04-29 14:46 -------- d-----w- c:\program files\NortonInstaller
2012-04-29 14:45 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-04-29 14:44 . 2012-05-01 02:00 -------- d-----w- c:\documents and settings\megan2
2012-04-28 18:50 . 2012-04-28 18:50 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2012-04-26 00:26 . 2012-04-26 00:26 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-26 00:26 . 2012-04-26 00:26 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 00:26 . 2012-04-26 00:26 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-01 01:19 . 2009-08-17 17:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-05-01 00:07 . 2011-02-01 17:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:01 . 2009-08-17 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2009-08-17 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2009-08-17 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2009-08-17 17:51 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2009-08-17 17:51 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2009-08-17 17:51 385024 ----a-w- c:\windows\system32\html.iec
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22 . 2009-08-17 17:51 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-04-26 00:26 . 2011-12-30 22:27 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-06 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-06 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-07-06 96792]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-11 17881600]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-07-10 700416]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2009-06-25 712704]
"EasyMode"="c:\program files\\ASUS\\Easy Mode\\Easy Mode.exe" [2009-03-18 1249280]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe" [2010-09-13 136488]
"YouCam Tray"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2010-09-13 162912]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2012-02-03 108032]
"ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Advanced Registry Optimizer.lnk - c:\program files\Advanced Registry Optimizer\ARO.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-17 376832]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"37678:TCP"= 37678:TCP:*:Disabled:ooVoo TCP port 37678
"37678:UDP"= 37678:UDP:*:Disabled:ooVoo UDP port 37678
"37679:UDP"= 37679:UDP:*:Disabled:ooVoo UDP port 37679
"37683:TCP"= 37683:TCP:*:Disabled:ooVoo TCP port 37683
"37683:UDP"= 37683:UDP:*:Disabled:ooVoo UDP port 37683
"37682:UDP"= 37682:UDP:*:Disabled:ooVoo UDP port 37682
"37684:TCP"= 37684:TCP:*:Disabled:ooVoo TCP port 37684
"37684:UDP"= 37684:UDP:*:Disabled:ooVoo UDP port 37684
"37685:UDP"= 37685:UDP:*:Disabled:ooVoo UDP port 37685
"37686:TCP"= 37686:TCP:*:Disabled:ooVoo TCP port 37686
"37686:UDP"= 37686:UDP:*:Disabled:ooVoo UDP port 37686
"37687:UDP"= 37687:UDP:*:Disabled:ooVoo UDP port 37687
"37688:TCP"= 37688:TCP:*:Disabled:ooVoo TCP port 37688
"37688:UDP"= 37688:UDP:*:Disabled:ooVoo UDP port 37688
"37689:UDP"= 37689:UDP:*:Disabled:ooVoo UDP port 37689
"37690:TCP"= 37690:TCP:*:Disabled:ooVoo TCP port 37690
"37690:UDP"= 37690:UDP:*:Disabled:ooVoo UDP port 37690
"37691:UDP"= 37691:UDP:*:Disabled:ooVoo UDP port 37691
"37679:TCP"= 37679:TCP:*:Disabled:ooVoo TCP port 37679
"37681:UDP"= 37681:UDP:*:Disabled:ooVoo UDP port 37681
"37680:TCP"= 37680:TCP:*:Disabled:ooVoo TCP port 37680
"37680:UDP"= 37680:UDP:*:Disabled:ooVoo UDP port 37680
"37689:TCP"= 37689:TCP:*:Disabled:ooVoo TCP port 37689
"37693:UDP"= 37693:UDP:*:Disabled:ooVoo UDP port 37693
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 1:00 PM 29808]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [12/19/2009 11:32 AM 1201640]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [9/13/2010 4:07 PM 27632]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [8/17/2009 2:24 PM 5097632]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/12/2009 5:35 AM 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [8/12/2009 5:35 AM 39040]
S0 13822794;13822794;c:\windows\system32\drivers\23689096.sys --> c:\windows\system32\drivers\23689096.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/29/2012 11:21 AM 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/17/2009 2:25 PM 1684736]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 8:26 PM 129976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vmwareusb REG_MULTI_SZ vmusb
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SQLBrowser
dwmrcs
cpqfcalm
marvinbus
sfhlp02
Si3132r5
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 19:14]
.
2012-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-05-02 c:\windows\Tasks\User_Feed_Synchronization-{0F0922F3-7EF3-41E1-B2E6-AA59525CF498}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
2012-04-20 c:\windows\Tasks\wrSpySweeper_L5680B4036F7E4EDCA1E52C2F8BBAB411.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-12-19 20:20]
.
2012-04-20 c:\windows\Tasks\wrSpySweeper_L5680B4036F7E4EDCA1E52C2F8BBAB411.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-12-19 20:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\b5oi9ciu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php\r
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
HKU-Default-Run-iCEyocHtffAu - c:\documents and settings\All Users\Application Data\iCEyocHtffAu.exe
SafeBoot-13822794.sys
SafeBoot-85636699.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-02 12:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,db,b6,7e,00,47,31,48,bc,3b,82,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,db,b6,7e,00,47,31,48,bc,3b,82,\
.
Completion time: 2012-05-02 12:28:23
ComboFix-quarantined-files.txt 2012-05-02 16:28
.
Pre-Run: 128,385,658,880 bytes free
Post-Run: 131,909,693,440 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 65A8CCD925AF51AD181B91FDFB9DAA50
  • 0

#34
RKinner
Posted 02 May 2012 - 11:02 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

AtJob::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\documents and settings\Owner\Start Menu\Programs\Startup\Advanced Registry Optimizer.lnk
c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
C:\WINDOWS\system32\drivers\85636699.sys
C:\WINDOWS\system32\drivers\23689096.sys
C:\DOCUME~1\Owner\LOCALS~1\Temp\aswMBR.sys

Driver::
13822794
SQLBrowser
dwmrcs
cpqfcalm
marvinbus
sfhlp02
Si3132r5
aswMBR

NetSvcs::
SQLBrowser
dwmrcs
cpqfcalm
marvinbus
sfhlp02
Si3132r5

RootKit::
C:\WINDOWS\system32\drivers\85636699.sys
C:\WINDOWS\system32\drivers\23689096.sys

MIA::
C:\windows\System32\appmgmts.dll


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Ron
  • 0

#35
theprefixx
Posted 02 May 2012 - 12:01 PM

theprefixx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
ComboFix 12-05-02.03 - Owner 05/02/2012 13:31:01.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.585 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\compstuff\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
FILE ::
"c:\docume~1\Owner\LOCALS~1\Temp\aswMBR.sys"
"c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk"
"c:\documents and settings\Owner\Start Menu\Programs\Startup\Advanced Registry Optimizer.lnk"
"c:\windows\system32\drivers\23689096.sys"
"c:\windows\system32\drivers\85636699.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\appmgmts.dll . . . is missing!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASWMBR
-------\Service_13822794
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 04:07 . 2012-05-02 07:25 -------- d-----w- c:\windows\SxsCaPendDel
2012-05-02 03:35 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-05-02 03:35 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-05-01 14:27 . 2012-05-01 14:27 -------- d-----w- c:\program files\iPod
2012-05-01 14:26 . 2012-05-01 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-01 14:26 . 2012-05-01 14:33 -------- d-----w- c:\program files\iTunes
2012-05-01 13:52 . 2012-05-01 13:52 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-05-01 13:49 . 2012-05-01 13:49 -------- d-----w- c:\program files\Bonjour
2012-05-01 01:27 . 2012-05-01 01:27 -------- d-----w- C:\found.002
2012-05-01 01:12 . 2012-05-01 01:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-01 00:39 . 2012-05-01 00:39 -------- d-----w- C:\_OTL
2012-05-01 00:14 . 2012-05-01 00:14 -------- d-----w- c:\program files\Common Files\Java
2012-05-01 00:08 . 2012-05-01 00:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-30 04:20 . 2012-04-30 04:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2012-04-29 19:14 . 2012-04-29 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2012-04-29 19:14 . 2012-04-29 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-04-29 19:14 . 2012-04-30 04:15 -------- d-----w- c:\program files\McAfee Security Scan
2012-04-29 15:21 . 2012-04-29 19:14 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-29 15:21 . 2012-04-29 19:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-29 14:52 . 2012-04-29 14:52 -------- d-----w- c:\windows\system32\drivers\NIS
2012-04-29 14:52 . 2012-04-29 14:52 -------- d-----w- c:\program files\Windows Sidebar
2012-04-29 14:51 . 2012-04-29 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-04-29 14:46 . 2012-04-29 14:46 -------- d-----w- c:\program files\NortonInstaller
2012-04-29 14:45 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-04-29 14:44 . 2012-05-01 02:00 -------- d-----w- c:\documents and settings\megan2
2012-04-28 18:50 . 2012-04-28 18:50 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2012-04-26 00:26 . 2012-04-26 00:26 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-26 00:26 . 2012-04-26 00:26 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 00:26 . 2012-04-26 00:26 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-01 01:19 . 2009-08-17 17:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-05-01 00:07 . 2011-02-01 17:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:01 . 2009-08-17 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2009-08-17 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2009-08-17 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2009-08-17 17:51 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2009-08-17 17:51 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2009-08-17 17:51 385024 ----a-w- c:\windows\system32\html.iec
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22 . 2009-08-17 17:51 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-04-26 00:26 . 2011-12-30 22:27 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-02_16.24.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-02 17:47 . 2012-05-02 17:47 16384 c:\windows\Temp\Perflib_Perfdata_6ac.dat
+ 2009-08-17 17:51 . 2012-05-02 17:50 72218 c:\windows\system32\perfc009.dat
+ 2009-08-21 13:29 . 2012-05-02 17:46 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-21 13:29 . 2012-05-02 07:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-05-02 16:31 . 2012-05-02 17:46 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-08-17 17:51 . 2012-05-02 17:50 442050 c:\windows\system32\perfh009.dat
+ 2009-08-21 13:29 . 2012-05-02 17:46 2818048 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-21 13:29 . 2012-05-02 07:26 2818048 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-06 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-06 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-07-06 96792]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-11 17881600]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-07-10 700416]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2009-06-25 712704]
"EasyMode"="c:\program files\\ASUS\\Easy Mode\\Easy Mode.exe" [2009-03-18 1249280]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe" [2010-09-13 136488]
"YouCam Tray"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2010-09-13 162912]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2012-02-03 108032]
"ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Advanced Registry Optimizer.lnk - c:\program files\Advanced Registry Optimizer\ARO.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-17 376832]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"37678:TCP"= 37678:TCP:*:Disabled:ooVoo TCP port 37678
"37678:UDP"= 37678:UDP:*:Disabled:ooVoo UDP port 37678
"37679:UDP"= 37679:UDP:*:Disabled:ooVoo UDP port 37679
"37683:TCP"= 37683:TCP:*:Disabled:ooVoo TCP port 37683
"37683:UDP"= 37683:UDP:*:Disabled:ooVoo UDP port 37683
"37682:UDP"= 37682:UDP:*:Disabled:ooVoo UDP port 37682
"37684:TCP"= 37684:TCP:*:Disabled:ooVoo TCP port 37684
"37684:UDP"= 37684:UDP:*:Disabled:ooVoo UDP port 37684
"37685:UDP"= 37685:UDP:*:Disabled:ooVoo UDP port 37685
"37686:TCP"= 37686:TCP:*:Disabled:ooVoo TCP port 37686
"37686:UDP"= 37686:UDP:*:Disabled:ooVoo UDP port 37686
"37687:UDP"= 37687:UDP:*:Disabled:ooVoo UDP port 37687
"37688:TCP"= 37688:TCP:*:Disabled:ooVoo TCP port 37688
"37688:UDP"= 37688:UDP:*:Disabled:ooVoo UDP port 37688
"37689:UDP"= 37689:UDP:*:Disabled:ooVoo UDP port 37689
"37690:TCP"= 37690:TCP:*:Disabled:ooVoo TCP port 37690
"37690:UDP"= 37690:UDP:*:Disabled:ooVoo UDP port 37690
"37691:UDP"= 37691:UDP:*:Disabled:ooVoo UDP port 37691
"37679:TCP"= 37679:TCP:*:Disabled:ooVoo TCP port 37679
"37681:UDP"= 37681:UDP:*:Disabled:ooVoo UDP port 37681
"37680:TCP"= 37680:TCP:*:Disabled:ooVoo TCP port 37680
"37680:UDP"= 37680:UDP:*:Disabled:ooVoo UDP port 37680
"37689:TCP"= 37689:TCP:*:Disabled:ooVoo TCP port 37689
"37693:UDP"= 37693:UDP:*:Disabled:ooVoo UDP port 37693
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 1:00 PM 29808]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [12/19/2009 11:32 AM 1201640]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [9/13/2010 4:07 PM 27632]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [8/17/2009 2:24 PM 5097632]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/12/2009 5:35 AM 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [8/12/2009 5:35 AM 39040]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/29/2012 11:21 AM 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/17/2009 2:25 PM 1684736]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 8:26 PM 129976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vmwareusb REG_MULTI_SZ vmusb
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 19:14]
.
2012-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-05-02 c:\windows\Tasks\User_Feed_Synchronization-{0F0922F3-7EF3-41E1-B2E6-AA59525CF498}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\b5oi9ciu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php\r
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-02 13:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,db,b6,7e,00,47,31,48,bc,3b,82,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bb,db,b6,7e,00,47,31,48,bc,3b,82,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3736)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\iPod\bin\iPodService.exe
c:\program files\Webroot\WebrootSecurity\SSU.EXE
.
**************************************************************************
.
Completion time: 2012-05-02 13:58:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-02 17:58
ComboFix2.txt 2012-05-02 16:28
.
Pre-Run: 131,918,184,448 bytes free
Post-Run: 131,768,930,304 bytes free
.
- - End Of File - - 34D6AD7C52CF937D92AD54B247187805
  • 0

#36
RKinner
Posted 02 May 2012 - 12:03 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Looking much better now. How is it running?
  • 0

#37
theprefixx
Posted 02 May 2012 - 12:06 PM

theprefixx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
it's running like brand new!
  • 0

#38
RKinner
Posted 02 May 2012 - 12:17 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I think we can clean up now.

We need to clean up System Restore.

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]
Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not upgdate it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#39
theprefixx
Posted 02 May 2012 - 12:25 PM

theprefixx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thank you so much for your help, you are quite talented.. I'd be lost without you! -Megan
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP