Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Cannot Open Programs in Safe Mode ('Open With' virus).....


  • This topic is locked This topic is locked

#1
ogam5

ogam5

    Member

  • Member
  • PipPip
  • 87 posts
A thread which was on this site concerning problems with using Safe Mode came up in a search I did related to the 'Open With' virus preventing me from using any programs in Safe Mode, a person with the username of 'maliprog' seemed to recommend downloading a custom application called 'Killer' (but would show as just another explorer.exe process in Task Manager). Did so, have attempted to run 2X but appears to be hung up - java message reads as, 'resseting file attributes. Please wait...' and I'd be lying if I said the incorrect spelling of that message didn't unnerve me as it's a hallmark of malware! Anyhow, could maliprog or someone else please advise me as to what can be done to restore my full access to programs while in Safe Mode? In the meantime, going to restart and hope that unhangs the Killer app.....thanks; any assistance is MUCH appreciated! (Immediately after first posting this, Killer prompt came up indicating it had been COMPLETED after all.....) Jim

Edited by ogam5, 05 June 2012 - 07:15 PM.

  • 0

Advertisements


#2
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, ogam5! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.


Step 1.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Note: If RogueKiller will not run please try it several times, if it still does not run rename it winlogon.com and try it several times.
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on ShortcutsFix

    Posted Image
  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.


Step 2.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

If it does not run rename it iexplore.exe and try it again.


Step 3.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under Extra Registry, click Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    c:\windows\installer\@ /s
    c:\windows\installer\*[email protected] /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 4.

Please post:

All RKreport.txt
aswMBR log
OTL.txt
Extras.txt


Give me an update on your computer's issues.
  • 0

#3
ogam5

ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
.....THANKS, CompCav - going to try this a bit later on today as there seems to be a lot involved and want to devote my full attention - will let you know of the results or if problems arise.....Jim
  • 0

#4
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
No problem and if problems arise just let me know! :thumbsup:
  • 0

#5
ogam5

ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
OK, CompCav - here are the results of all 3 diagnostic batteries - before posting them, want to say that, with RogueKiller, had 3 items returned, 2 of which (Updater and Defender, indicated as being linked to SevasS Software) I had earlier identified as being part of the MP3 converter I downloaded from CNet and thus seemingly benign; not sure if it was actually the automatic command to run at startup detected (CCleaner seems to have a means of deleting that operation) but ignored those 2 - the third, however, seemed to indicate some sort of process associated with compromising the entire Desktop (filepath ended with, 'HideDesktop'.....) Seemed to have a persistent problem with running OTL - hung up at least twice when arriving at FireFox settings (nothing seemed to advance at all past that notice and, with no progress bar I could see, hard to confirm) but finally completed on the third attempt.....also, wasn't sure if you wanted me to download the updated antiviral definitions for the Avast-based aswMBR - didn't do so because I no longer have AVAST! proper as a program - again, running IObit Malware Fighter as my background, using SuperAntiSpyware as my primary malware scanning means and IObit as a secondary - picked up its first Trojan, probably as a result of my reconfiguring the settings a week ago - as well as CCleaner periodically - have deactivated Malwarebytes as the background or for scanning purposes, but not deleted it entirely.....also have DrWeb - Cure it! but use that rarely as it's just SUCH a desktop resource-demanding platform! LOL Hoping that there's something within this mountain of text which will get me back my Safe Mode (fingers crossed)

Thanking you SO much for all your considerable effort and assistance in advance! Jim


Report 1: RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: Scan -- Date: 06/12/2012 15:02:11

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : Sevas-SSoftwareDefender (C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Defender\defender.exe) -> FOUND
[SUSP PATH] HKLM\[...]\Run : Sevas-SSoftwareUpdater (C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Updater\updater.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[FAKED] ati1rvxx.sys : c:\windows\system32\drivers\ati1rvxx.sys --> CANNOT FIX
[FAKED] ati2mtaa.sys : c:\windows\system32\drivers\ati2mtaa.sys --> CANNOT FIX
[FAKED] atinxsxx.sys : c:\windows\system32\drivers\atinxsxx.sys --> CANNOT FIX
[FAKED] cdfs.sys : c:\windows\system32\drivers\cdfs.sys --> CANNOT FIX
[FAKED] fltmgr.sys : c:\windows\system32\drivers\fltmgr.sys --> CANNOT FIX
[FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX
[FAKED] mtlstrm.sys : c:\windows\system32\drivers\mtlstrm.sys --> CANNOT FIX
[FAKED] nic1394.sys : c:\windows\system32\drivers\nic1394.sys --> CANNOT FIX
[FAKED] nv4_mini.sys : c:\windows\system32\drivers\nv4_mini.sys --> CANNOT FIX
[FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX
[FAKED] serial.sys : c:\windows\system32\drivers\serial.sys --> CANNOT FIX
[FAKED] slnt7554.sys : c:\windows\system32\drivers\slnt7554.sys --> CANNOT FIX

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD200BB-75CLB0 +++++
--- User ---
[MBR] d41472bbd85f68b0bc70d6a0835332ed
[BSP] f49cae14d8b91b005dff84b1f6d8852f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 19085 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD800BB-00JKC0 +++++
--- User ---
[MBR] 1b53d0963ce321c6ae1993214c3ae6ba
[BSP] 81a75347800c36ac09be0fe68c946047 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



Report 2: RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: Remove -- Date: 06/12/2012 15:05:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : Sevas-SSoftwareDefender (C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Defender\defender.exe) -> NOT SELECTED
[SUSP PATH] HKLM\[...]\Run : Sevas-SSoftwareUpdater (C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Updater\updater.exe) -> NOT SELECTED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[FAKED] ati1rvxx.sys : c:\windows\system32\drivers\ati1rvxx.sys --> CANNOT FIX
[FAKED] ati2mtaa.sys : c:\windows\system32\drivers\ati2mtaa.sys --> CANNOT FIX
[FAKED] atinxsxx.sys : c:\windows\system32\drivers\atinxsxx.sys --> CANNOT FIX
[FAKED] cdfs.sys : c:\windows\system32\drivers\cdfs.sys --> CANNOT FIX
[FAKED] fltmgr.sys : c:\windows\system32\drivers\fltmgr.sys --> CANNOT FIX
[FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX
[FAKED] mtlstrm.sys : c:\windows\system32\drivers\mtlstrm.sys --> CANNOT FIX
[FAKED] nic1394.sys : c:\windows\system32\drivers\nic1394.sys --> CANNOT FIX
[FAKED] nv4_mini.sys : c:\windows\system32\drivers\nv4_mini.sys --> CANNOT FIX
[FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX
[FAKED] serial.sys : c:\windows\system32\drivers\serial.sys --> CANNOT FIX
[FAKED] slnt7554.sys : c:\windows\system32\drivers\slnt7554.sys --> CANNOT FIX

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD200BB-75CLB0 +++++
--- User ---
[MBR] d41472bbd85f68b0bc70d6a0835332ed
[BSP] f49cae14d8b91b005dff84b1f6d8852f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 19085 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD800BB-00JKC0 +++++
--- User ---
[MBR] 1b53d0963ce321c6ae1993214c3ae6ba
[BSP] 81a75347800c36ac09be0fe68c946047 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


Report 3: RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: Shortcuts HJfix -- Date: 06/12/2012 15:08:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 76 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 4 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 68 / Fail 0
My documents: Success 362 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1041 / Fail 0
Backup: [NOT FOUND]

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume2 -- 0x3 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-12 15:23:52
-----------------------------
15:23:52.643 OS Version: Windows 5.1.2600 Service Pack 2
15:23:52.643 Number of processors: 1 586 0x80A
15:23:52.643 ComputerName: USER-2LHZ6LTLSL UserName: User
15:23:55.527 Initialize success
15:24:18.240 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:24:18.240 Disk 0 Vendor: WDC_WD200BB-75CLB0 05.04E05 Size: 19092MB BusType: 3
15:24:18.240 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17
15:24:18.250 Disk 1 Vendor: WDC_WD800BB-00JKC0 05.01C05 Size: 76319MB BusType: 3
15:24:18.310 Disk 0 MBR read successfully
15:24:18.310 Disk 0 MBR scan
15:24:18.310 Disk 0 Windows XP default MBR code
15:24:18.320 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 19085 MB offset 63
15:24:18.350 Disk 0 scanning sectors +39086145
15:24:18.480 Disk 0 scanning C:\WINDOWS\system32\drivers
15:24:51.137 Service scanning
15:25:17.996 Modules scanning
15:25:49.631 Disk 0 trace - called modules:
15:25:49.671 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
15:25:50.142 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f84ab8]
15:25:50.152 3 CLASSPNP.SYS[f85f805b] -> nt!IofCallDriver -> \Device\0000004f[0x82f85f18]
15:25:50.162 5 ACPI.sys[f856e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f83d98]
15:25:50.192 Scan finished successfully
15:26:35.197 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
15:26:35.227 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR Log.txt"


OTL Reports:


OTL logfile created on: 6/12/2012 4:02:01 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.30 Mb Total Physical Memory | 331.80 Mb Available Physical Memory | 65.02% Memory free
672.76 Mb Paging File | 462.25 Mb Available in Paging File | 68.71% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 2.58 Gb Free Space | 13.86% Space Free | Partition Type: NTFS
Drive E: | 74.52 Gb Total Space | 1.90 Gb Free Space | 2.55% Space Free | Partition Type: NTFS

Computer Name: USER-2LHZ6LTLSL | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/12 15:29:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2012/05/09 16:28:52 | 004,464,472 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/28 13:17:38 | 001,217,880 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\Scan.dll
MOD - [2012/01/09 20:44:20 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/06/23 13:41:30 | 000,138,752 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll
MOD - [2010/11/26 12:18:08 | 000,175,616 | ---- | M] () -- C:\Program Files\IObit\IObit Malware Fighter\unrar.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/02 09:58:56 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2009/09/03 11:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\User\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/06/01 06:49:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/04/28 13:17:26 | 000,016,208 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2012/04/28 13:17:22 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/01/05 18:07:40 | 000,246,816 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv10nt.sys -- (iAimTV5)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:44 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv06nt.sys -- (iAimTV6)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:40 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv09nt.sys -- (iAimFP7)
DRV - [2004/08/04 01:29:39 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv08nt.sys -- (iAimFP6)
DRV - [2004/08/04 01:29:38 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv07nt.sys -- (iAimFP5)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2002/06/03 11:18:32 | 000,040,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.2.20111006100951
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B18B1E5C-4D81-11E1-9C00-AFEB4824019B}: C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\Firefox [2012/05/13 21:56:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/08 19:01:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/08 19:01:04 | 000,000,000 | ---D | M]

[2008/10/27 18:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/06/12 07:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions
[2012/05/20 07:11:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/10 08:16:13 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/01/22 19:16:54 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions\[email protected]
[2008/01/30 22:45:38 | 000,000,277 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\searchplugins\search.xml
[2012/06/04 15:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/12 07:00:40 | 000,525,295 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2DX88MY5.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/05/13 21:56:30 | 000,000,000 | ---D | M] (Youtube to MP3 Converter) -- C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\APPLICATION DATA\SEVAS-S\YOUTUBE TO MP3 CONVERTER\BROWSEREXTENSIONS\FIREFOX
[2012/02/24 00:18:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/05/02 09:58:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/24 00:18:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (YouTube to MP3 Converter) - {E71596B0-A83B-453D-82C1-4BE99947C65F} - C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll (Sevas-S LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Sevas-SSoftwareDefender] C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Defender\defender.exe (Sevas-S)
O4 - HKLM..\Run: [Sevas-SSoftwareUpdater] C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Updater\updater.exe (Sevas-S)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\..Trusted Domains: streamwrhu.net ([live] https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0988B9E-1F28-41A8-A972-714885C819B3}: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (maliprog @ Geekstogo)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/05 14:02:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/12 15:29:08 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/06/12 15:22:54 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswMBR.exe
[2012/06/12 15:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\RK_Quarantine
[2012/06/05 20:37:41 | 000,751,581 | ---- | C] (maliprog @ Geekstogo) -- C:\Documents and Settings\User\Desktop\explorer.exe
[2012/06/04 16:17:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Recent
[2012/06/02 01:28:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/06/02 01:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Skype
[2012/06/02 01:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2012/06/01 06:46:13 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/29 07:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/05/29 05:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2012/05/29 05:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\IObit
[2012/05/29 05:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/05/13 22:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Sevas-S
[2012/05/13 21:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sevas-S
[2012/05/13 21:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Downloads
[2012/05/13 21:54:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S

========== Files - Modified Within 30 Days ==========

[2012/06/12 15:29:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/06/12 15:26:35 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2012/06/12 15:23:10 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswMBR.exe
[2012/06/12 14:58:07 | 001,521,152 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RogueKiller.exe
[2012/06/12 14:48:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/12 14:48:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/12 14:48:16 | 535,154,688 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/11 20:40:47 | 001,557,759 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Islanders '98 alternative logo design.jpg
[2012/06/08 19:08:20 | 000,228,864 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/06 08:34:14 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\User\Desktop\linkfile_fix.zip
[2012/06/06 08:32:48 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\User\Desktop\xp_exe_fix.zip
[2012/06/05 20:37:28 | 000,751,581 | ---- | M] (maliprog @ Geekstogo) -- C:\Documents and Settings\User\Desktop\explorer.exe
[2012/06/05 14:00:10 | 001,801,855 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Hot Pants - Salvage.mp3
[2012/06/05 10:43:40 | 003,471,184 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Out Of Mind Out Of Sight - Models, The.mp3
[2012/06/05 08:14:52 | 002,554,547 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Can't Sleep - Rockets, The.mp3
[2012/06/05 07:51:34 | 004,300,415 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Mama Let Him Play - Doucette.mp3
[2012/06/05 01:21:46 | 005,043,590 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The Joker - Snail.mp3
[2012/06/05 01:04:54 | 003,875,068 | ---- | M] () -- C:\Documents and Settings\User\Desktop\City Slicker - James 'JY' Young with Jan Hammer.mp3
[2012/06/04 21:28:55 | 003,456,182 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut To Somewhere [from 'Quicksilver'] - Fish with Tony Banks.mp3
[2012/06/04 21:19:02 | 002,705,109 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Two Buffaloes - Rolf Harris.mp3
[2012/06/04 21:16:07 | 003,735,378 | ---- | M] () -- C:\Documents and Settings\User\Desktop\It's Really You - Tarney Spencer Band.mp3
[2012/06/04 20:58:57 | 003,948,955 | ---- | M] () -- C:\Documents and Settings\User\Desktop\On the Run - Lake.mp3
[2012/06/04 20:54:31 | 005,892,883 | ---- | M] () -- C:\Documents and Settings\User\Desktop\A Smile Is Diamond - A Band Called O (10-11!).mp3
[2012/06/04 20:47:24 | 003,763,695 | ---- | M] () -- C:\Documents and Settings\User\Desktop\I Want You To Be Mine [ USA Version ] - Kayak.mp3
[2012/06/04 18:29:23 | 002,392,118 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Hold On To The Night - Starz.mp3
[2012/06/04 18:21:48 | 004,059,670 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Coming Home - Ian Thomas.mp3
[2012/06/04 18:08:50 | 002,907,357 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Northern Lights - Renaissance.mp3
[2012/06/04 17:50:25 | 004,253,185 | ---- | M] () -- C:\Documents and Settings\User\Desktop\She Loves To Be In Love - Charlie.mp3
[2012/06/04 17:38:27 | 006,439,530 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Superstar - Bob McGilpin.mp3
[2012/06/04 17:31:31 | 004,484,317 | ---- | M] () -- C:\Documents and Settings\User\Desktop\I'm Mandy, Fly Me - 10cc.mp3
[2012/06/01 06:49:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/20 20:26:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/05/13 22:00:37 | 000,001,289 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\List of Downloads.lnk
[2012/05/13 22:00:37 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Downloads from YouTube.lnk

========== Files Created - No Company Name ==========

[2012/06/12 15:26:35 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2012/06/12 14:58:12 | 001,521,152 | ---- | C] () -- C:\Documents and Settings\User\Desktop\RogueKiller.exe
[2012/06/11 20:40:57 | 001,557,759 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Islanders '98 alternative logo design.jpg
[2012/06/11 08:50:53 | 535,154,688 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/06 08:34:18 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\User\Desktop\linkfile_fix.zip
[2012/06/06 08:33:09 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\User\Desktop\xp_exe_fix.zip
[2012/06/05 13:59:16 | 001,801,855 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Hot Pants - Salvage.mp3
[2012/06/05 10:40:56 | 003,471,184 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Out Of Mind Out Of Sight - Models, The.mp3
[2012/06/05 08:11:49 | 002,554,547 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Can't Sleep - Rockets, The.mp3
[2012/06/05 07:45:43 | 004,300,415 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Mama Let Him Play - Doucette.mp3
[2012/06/05 00:56:30 | 003,875,068 | ---- | C] () -- C:\Documents and Settings\User\Desktop\City Slicker - James 'JY' Young with Jan Hammer.mp3
[2012/06/04 18:28:18 | 002,392,118 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Hold On To The Night - Starz.mp3
[2012/06/04 18:23:48 | 005,043,590 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The Joker - Snail.mp3
[2012/06/04 18:19:53 | 004,059,670 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Coming Home - Ian Thomas.mp3
[2012/06/04 18:16:29 | 003,763,695 | ---- | C] () -- C:\Documents and Settings\User\Desktop\I Want You To Be Mine [ USA Version ] - Kayak.mp3
[2012/06/04 18:07:47 | 002,907,357 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Northern Lights - Renaissance.mp3
[2012/06/04 18:02:13 | 003,735,378 | ---- | C] () -- C:\Documents and Settings\User\Desktop\It's Really You - Tarney Spencer Band.mp3
[2012/06/04 17:48:21 | 004,253,185 | ---- | C] () -- C:\Documents and Settings\User\Desktop\She Loves To Be In Love - Charlie.mp3
[2012/06/04 17:35:37 | 006,439,530 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Superstar - Bob McGilpin.mp3
[2012/06/04 17:29:24 | 004,484,317 | ---- | C] () -- C:\Documents and Settings\User\Desktop\I'm Mandy, Fly Me - 10cc.mp3
[2012/06/04 17:22:07 | 003,948,955 | ---- | C] () -- C:\Documents and Settings\User\Desktop\On the Run - Lake.mp3
[2012/06/04 17:16:55 | 005,892,883 | ---- | C] () -- C:\Documents and Settings\User\Desktop\A Smile Is Diamond - A Band Called O (10-11!).mp3
[2012/06/01 21:15:16 | 003,456,182 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut To Somewhere [from 'Quicksilver'] - Fish with Tony Banks.mp3
[2012/05/31 00:16:26 | 002,705,109 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Two Buffaloes - Rolf Harris.mp3
[2012/05/13 22:00:37 | 000,001,289 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\List of Downloads.lnk
[2012/05/13 22:00:37 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Downloads from YouTube.lnk
[2012/03/17 12:42:42 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\User\Application Data\97861C
[2012/03/17 12:42:40 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\User\Application Data\mcs.rma
[2011/06/04 09:18:39 | 000,000,022 | --S- | C] () -- C:\Documents and Settings\User\Application Data\Sys2662.Config.Repository.bin
[2011/04/20 18:15:29 | 000,016,600 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\e1jfwcf2fw3u872lgs54ld248yfgrue122
[2011/04/20 18:15:29 | 000,016,032 | --S- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\e1jfwcf2fw3u872lgs54ld248yfgrue122
[2010/12/31 09:01:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Otizupu.bin
[2010/12/12 15:10:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/12 15:10:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/12 15:10:09 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/12 15:10:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/12 15:10:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/09 15:49:46 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qzulihuvu.dat
[2010/06/29 23:37:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2011/05/18 03:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Amazon
[2010/07/17 20:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/05/07 13:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2010/12/12 14:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D05119C
[2012/06/04 15:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/05/08 02:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2010/12/25 09:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cPgMn08200
[2012/01/07 11:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/09/04 18:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2012/06/04 15:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/04/24 10:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/02 15:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/05/08 10:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C3243856-7746-4A05-8837-51A28C1CDD82}
[2010/10/17 02:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Amazon
[2010/07/17 20:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CBS Interactive
[2012/05/08 03:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CheckPoint
[2009/06/18 22:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
[2012/01/07 11:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\f-secure
[2010/11/13 15:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FreeFileViewer
[2012/05/29 05:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IObit
[2009/06/30 18:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2012/01/03 19:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OverDrive
[2012/05/13 22:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sevas-S
[2012/05/31 19:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Uniblue

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2012/06/05 20:37:28 | 000,751,581 | ---- | M] (maliprog @ Geekstogo) MD5=68A2BFF920C4D32644F97942756FB2B4 -- C:\Documents and Settings\User\Desktop\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2003/03/31 08:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2003/03/31 08:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2004/08/04 03:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004/08/04 03:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004/08/04 03:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[2003/03/31 08:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2003/03/31 08:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 6
"ImagePath" = System32\DRIVERS\netbt.sys -- [2004/08/04 02:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{4EEBB38F-5DEA-43A8-A55A-FAA32F8F6B04}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{9DBF0DC5-4461-4339-ABA4-8BBF7BB69D60}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{E0988B9E-1F28-41A8-A972-714885C819B3}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = System32\DRIVERS\netbios.sys -- [2004/08/04 02:03:21 | 000,034,560 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2003/03/31 08:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/02 09:58:40 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/02 09:58:40 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/02 09:58:40 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/02 09:58:54 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/02 09:58:54 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/02 09:58:54 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/04 08:39:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/04 08:39:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/04 08:39:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/03/31 08:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/02 09:58:40 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/02 09:58:40 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/02 09:58:40 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/02 09:58:54 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/02 09:58:54 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/02 09:58:54 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/05/04 08:39:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/05/04 08:39:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/05/04 08:39:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/03/31 08:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.)

< C:\Windows\assembly\tmp\U\*.* /s >

< c:\windows\installer\@ /s >

< c:\windows\installer\*[email protected] /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: USER-2LHZ6LTLSL
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D CD-ROM 0 B
Volume 1 C NTFS Partition 19 GB Healthy System
Volume 2 E NTFS Partition 75 GB Healthy

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >


Extras.Txt Report:


OTL Extras logfile created on: 6/12/2012 4:02:01 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.30 Mb Total Physical Memory | 331.80 Mb Available Physical Memory | 65.02% Memory free
672.76 Mb Paging File | 462.25 Mb Available in Paging File | 68.71% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 2.58 Gb Free Space | 13.86% Space Free | Partition Type: NTFS
Drive E: | 74.52 Gb Total Space | 1.90 Gb Free Space | 2.55% Space Free | Partition Type: NTFS

Computer Name: USER-2LHZ6LTLSL | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody -- (Rhapsody International Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{659314FA-F336-482D-B094-C3FCA68BB60B}" = GEAR driver installer for x86 and x64
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"CCleaner" = CCleaner
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Rhapsody" = Rhapsody
"SpySweeper" = Spy Sweeper
"Star Trek: The Game Show" = Star Trek: The Game Show
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR 4.10 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager
"YouTube to MP3 Converter" = YouTube to MP3 Converter
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CNET TechTracker" = CNET TechTracker

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/29/2012 8:14:45 AM | Computer Name = USER-2LHZ6LTLSL | Source = IMFservice | ID = 0
Description =

Error - 5/30/2012 11:59:43 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 12.0.0.4493, faulting
module mozalloc.dll, version 12.0.0.4493, fault address 0x00001976.

Error - 6/1/2012 12:55:56 AM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 12.0.0.4493, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/1/2012 7:51:44 AM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 12.0.0.4493, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/4/2012 4:10:48 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 12.0.0.4493, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/6/2012 7:00:51 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 12.0.0.4493, faulting
module npswf32.dll, version 11.1.102.55, fault address 0x002e8c41.

Error - 6/8/2012 5:55:02 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Error | ID = 1000
Description = Faulting application yt2mp3converter.exe, version 1.2.0.324, faulting
module msvcr90.dll, version 9.0.30729.6161, fault address 0x0005beae.

Error - 6/8/2012 7:57:20 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 12.0.0.4493, faulting
module npswf32.dll, version 11.1.102.55, fault address 0x0007036d.

Error - 6/11/2012 8:37:06 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.1.3.23, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/12/2012 3:44:22 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.48.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 5/29/2012 8:14:45 AM | Computer Name = USER-2LHZ6LTLSL | Source = IMFservice | ID = 0
Description =

Error - 5/30/2012 11:59:43 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 12.0.0.4493, faulting
module mozalloc.dll, version 12.0.0.4493, fault address 0x00001976.

Error - 6/1/2012 12:55:56 AM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 12.0.0.4493, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/1/2012 7:51:44 AM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 12.0.0.4493, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/4/2012 4:10:48 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 12.0.0.4493, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/6/2012 7:00:51 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 12.0.0.4493, faulting
module npswf32.dll, version 11.1.102.55, fault address 0x002e8c41.

Error - 6/8/2012 5:55:02 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Error | ID = 1000
Description = Faulting application yt2mp3converter.exe, version 1.2.0.324, faulting
module msvcr90.dll, version 9.0.30729.6161, fault address 0x0005beae.

Error - 6/8/2012 7:57:20 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 12.0.0.4493, faulting
module npswf32.dll, version 11.1.102.55, fault address 0x0007036d.

Error - 6/11/2012 8:37:06 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.1.3.23, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/12/2012 3:44:22 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.48.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/11/2012 8:49:12 AM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 6/11/2012 8:49:12 AM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 6/11/2012 8:49:12 AM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 6/11/2012 8:49:12 AM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 6/11/2012 8:49:12 AM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 6/11/2012 8:49:12 AM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips IPSec MRxSmb NetBIOS NetBT P3 RasAcd Rdbss SASDIFSV SASKUTIL Tcpip

Error - 6/11/2012 8:49:20 AM | Computer Name = USER-2LHZ6LTLSL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/11/2012 8:51:25 AM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/12/2012 2:48:37 PM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/12/2012 3:01:00 PM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).


< End of report >


Desktop.ini Report (?)

[.ShellClassInfo]
FolderType=MusicAlbum
MusicBuyUrl=http://redir.metaservices.microsoft.com/redir/buynow/?providerName=ZACR DBS&albumID=415C7A6D-F223-4423-84F9-636609D7D078&a_id=%20&album=The%20Best%20Of%20Mr.%20Mister&artistID=981FED16-FB22-477F-97DF-75F0B8CABBF4&p_id=%20&artist=Mr.%20Mister&locale=409&geoid=f4&version=11.0.5721.5268&userlocale=409
  • 0

#6
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
What symptoms do you currently still have?



Step 1.

Please rerun RogueKiller and allow it to replace the Sevas-SSoftware lines they are malware.


Then post the both new logs.
  • 0

#7
ogam5

ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
OK, but will that compromise the MP3 Converter program? Thanks for being patient with me!
  • 0

#8
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

but will that compromise the MP3 Converter program?

No it will not.

What are your current symptoms????
  • 0

#9
ogam5

ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
....deleted both Defender and Updater as instructed - still a bit concerned though; the MP3 converter program came up listed as a process along with them at the outset.....here's the new set of RogueKiller reports:


Report 1:

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: Scan -- Date: 06/12/2012 21:24:34

¤¤¤ Bad processes: 4 ¤¤¤
[SUSP PATH] YouTubeDownloaderExtension.dll -- C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll -> UNLOADED
[SUSP PATH] defender.exe -- C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Defender\defender.exe -> KILLED [TermProc]
[SUSP PATH] updater.exe -- C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Updater\updater.exe -> KILLED [TermProc]
[SUSP PATH] yt2mp3converter.exe -- C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\YouTube To MP3 Converter\yt2mp3converter.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : Sevas-SSoftwareDefender (C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Defender\defender.exe) -> FOUND
[SUSP PATH] HKLM\[...]\Run : Sevas-SSoftwareUpdater (C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Updater\updater.exe) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[FAKED] ati1rvxx.sys : c:\windows\system32\drivers\ati1rvxx.sys --> CANNOT FIX
[FAKED] ati2mtaa.sys : c:\windows\system32\drivers\ati2mtaa.sys --> CANNOT FIX
[FAKED] atinxsxx.sys : c:\windows\system32\drivers\atinxsxx.sys --> CANNOT FIX
[FAKED] cdfs.sys : c:\windows\system32\drivers\cdfs.sys --> CANNOT FIX
[FAKED] fltmgr.sys : c:\windows\system32\drivers\fltmgr.sys --> CANNOT FIX
[FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX
[FAKED] mtlstrm.sys : c:\windows\system32\drivers\mtlstrm.sys --> CANNOT FIX
[FAKED] nic1394.sys : c:\windows\system32\drivers\nic1394.sys --> CANNOT FIX
[FAKED] nv4_mini.sys : c:\windows\system32\drivers\nv4_mini.sys --> CANNOT FIX
[FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX
[FAKED] serial.sys : c:\windows\system32\drivers\serial.sys --> CANNOT FIX
[FAKED] slnt7554.sys : c:\windows\system32\drivers\slnt7554.sys --> CANNOT FIX

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD200BB-75CLB0 +++++
--- User ---
[MBR] d41472bbd85f68b0bc70d6a0835332ed
[BSP] f49cae14d8b91b005dff84b1f6d8852f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 19085 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD800BB-00JKC0 +++++
--- User ---
[MBR] 1b53d0963ce321c6ae1993214c3ae6ba
[BSP] 81a75347800c36ac09be0fe68c946047 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt


Report 2:

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: Remove -- Date: 06/12/2012 21:25:06

¤¤¤ Bad processes: 4 ¤¤¤
[SUSP PATH] YouTubeDownloaderExtension.dll -- C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll -> UNLOADED
[SUSP PATH] defender.exe -- C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Defender\defender.exe -> KILLED [TermProc]
[SUSP PATH] updater.exe -- C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Updater\updater.exe -> KILLED [TermProc]
[SUSP PATH] yt2mp3converter.exe -- C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\YouTube To MP3 Converter\yt2mp3converter.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : Sevas-SSoftwareDefender (C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Defender\defender.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : Sevas-SSoftwareUpdater (C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Updater\updater.exe) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤
[FAKED] ati1rvxx.sys : c:\windows\system32\drivers\ati1rvxx.sys --> CANNOT FIX
[FAKED] ati2mtaa.sys : c:\windows\system32\drivers\ati2mtaa.sys --> CANNOT FIX
[FAKED] atinxsxx.sys : c:\windows\system32\drivers\atinxsxx.sys --> CANNOT FIX
[FAKED] cdfs.sys : c:\windows\system32\drivers\cdfs.sys --> CANNOT FIX
[FAKED] fltmgr.sys : c:\windows\system32\drivers\fltmgr.sys --> CANNOT FIX
[FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX
[FAKED] mtlstrm.sys : c:\windows\system32\drivers\mtlstrm.sys --> CANNOT FIX
[FAKED] nic1394.sys : c:\windows\system32\drivers\nic1394.sys --> CANNOT FIX
[FAKED] nv4_mini.sys : c:\windows\system32\drivers\nv4_mini.sys --> CANNOT FIX
[FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX
[FAKED] serial.sys : c:\windows\system32\drivers\serial.sys --> CANNOT FIX
[FAKED] slnt7554.sys : c:\windows\system32\drivers\slnt7554.sys --> CANNOT FIX

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD200BB-75CLB0 +++++
--- User ---
[MBR] d41472bbd85f68b0bc70d6a0835332ed
[BSP] f49cae14d8b91b005dff84b1f6d8852f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 19085 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD800BB-00JKC0 +++++
--- User ---
[MBR] 1b53d0963ce321c6ae1993214c3ae6ba
[BSP] 81a75347800c36ac09be0fe68c946047 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt


Report 3:


RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: Shortcuts HJfix -- Date: 06/12/2012 21:29:16

¤¤¤ Bad processes: 4 ¤¤¤
[SUSP PATH] YouTubeDownloaderExtension.dll -- C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll -> UNLOADED
[SUSP PATH] defender.exe -- C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Defender\defender.exe -> KILLED [TermProc]
[SUSP PATH] updater.exe -- C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Updater\updater.exe -> KILLED [TermProc]
[SUSP PATH] yt2mp3converter.exe -- C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\YouTube To MP3 Converter\yt2mp3converter.exe -> KILLED [TermProc]

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 11 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 13 / Fail 0
Backup: [NOT FOUND]

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume2 -- 0x3 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt
  • 0

#10
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image




  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    E - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
    FF - prefs.js..network.proxy.type: 4
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    [2009/01/22 19:16:54 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions\[email protected]
    [2008/01/30 22:45:38 | 000,000,277 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\searchplugins\search.xml
    [2012/02/24 00:18:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2012/02/24 00:18:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O4 - HKLM..\Run: [Sevas-SSoftwareDefender] C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Defender\defender.exe (Sevas-S)
    O4 - HKLM..\Run: [Sevas-SSoftwareUpdater] C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Updater\updater.exe (Sevas-S)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    [2011/04/20 18:15:29 | 000,016,600 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\e1jfwcf2fw3u872lgs54ld248yfgrue122
    [2011/04/20 18:15:29 | 000,016,032 | --S- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\e1jfwcf2fw3u872lgs54ld248yfgrue122
    [2010/12/31 09:01:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Otizupu.bin
    [2010/07/09 15:49:46 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qzulihuvu.dat
    
    
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Step 2.

Please post the log and give me an update on how the computer is performing.
  • 0

Advertisements


#11
ogam5

ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Hi, CompCav - sorry I'm only getting back to you on this now; never received any email notice that you'd replied.....attempted to open Malwarebytes as instructed but got a prompt that the database was either missing or corrupt (icon no longer showing at all in the Tray; tried to open from the Start menu.....) What should I do next in light of this development? Jim
  • 0

#12
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Skip that part of it and go directly to the OTL fix
  • 0

#13
ogam5

ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
OK< CompCav - ran OTL again with code input, and it appears from the following report that 346MB of bad processes were deleted (!) NoScript, however, is once again hypervigilant:( Anyhow:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1547161642-1060284298-1708537768-1004\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Prefs.js: [email protected]:1.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30 removed from extensions.enabledItems
Prefs.js: 4 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll moved successfully.
Prefs.js: [email protected]:1.0.0.071101000055 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player\ deleted successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions\[email protected]\platform\WINNT_x86-msvc folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions\[email protected]\platform folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions\[email protected]\components folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions\[email protected] folder moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\searchplugins\search.xml moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre6\bin\ssv.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1547161642-1060284298-1708537768-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sevas-SSoftwareDefender not found.
C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Defender\defender.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sevas-SSoftwareUpdater not found.
C:\Documents and Settings\User\Local Settings\Application Data\Sevas-S\Updater\updater.exe moved successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\All Users\Application Data\e1jfwcf2fw3u872lgs54ld248yfgrue122 moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\e1jfwcf2fw3u872lgs54ld248yfgrue122 moved successfully.
C:\WINDOWS\Otizupu.bin moved successfully.
C:\WINDOWS\Qzulihuvu.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\User\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\User\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 17435 bytes
->Temporary Internet Files folder emptied: 182951 bytes
->FireFox cache emptied: 43600837 bytes
->Flash cache emptied: 995 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 1053080 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 992072 bytes
->Temporary Internet Files folder emptied: 4804952 bytes
->Java cache emptied: 303677 bytes
->FireFox cache emptied: 2278961 bytes
->Flash cache emptied: 19787 bytes

User: test
->Temp folder emptied: 856372 bytes
->Temporary Internet Files folder emptied: 15254742 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43957902 bytes
->Flash cache emptied: 1807 bytes

User: User
->Temp folder emptied: 1125345 bytes
->Temporary Internet Files folder emptied: 768012 bytes
->Java cache emptied: 20826406 bytes
->FireFox cache emptied: 129760646 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 45309 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2296132 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 92702058 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 65580 bytes
RecycleBin emptied: 1540469 bytes

Total Files Cleaned = 346.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.48.0 log created on 06132012_202700

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#14
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Your free youtube to MP3 tool is from a company in Ukraine and it is setting off multiple alarms. I have two alternates for you after we finish cleaning your machine so please uninstall:

YouTube to MP3 Converter


Step 2.

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)



Step 3.

Please uninstall:

IOBit Malware Fighter
SuperAntiSpyware
ZoneAlarm LTD Toolbar


You have Malwarebytes as an antimalware and antispyware product. After we complete the cleaning you may reinstall SuperAntiSpyware but too many of these can cause conflicts and actually result in malware slipping by the multiple fighting products.


Step 4.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. This infection will require a reboot to correct so make sure these are turned off and will not turn back on at reboot. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions



Step 5.

Please post:

exehelperlog.txt
ComboFix.txt


Update me on your computer's performance.
  • 0

#15
ogam5

ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
.....I'm a little leery about dumping the Ukraine-based MP3 converter - is CNET aware of its origins and threat potential? Can you tell me anything about the 2 alternatives to which you allude - particularly, do they leave any footprints which Apple could detect were I to upload the files to iTunes for burning/listening? Also, one of the reasons I installed IObit Fighter is that it appears Malwarebytes is a strictly TRIAL version (?) although I do appreciate that it's a MUCH smaller program than IO. As for the ZoneAlarm toolbar (thought I'd uninstalled the actual program) how exactly do I get at and delete/remove it? Thanks again for your patience with me! LOL
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP