Cannot Open Programs in Safe Mode ('Open With' virus).....


  • This topic is locked

#121
RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
If it's just Firefox then uninstall it. Download a new copy and reinstall.

As far as flash goes, you need an extension in FF which may not be there in its Safe Mode.

If we look at your uninstall list from OTL Extras:

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

You have both Flash players tho I expect both are a bit out of date. The ActiveX one is definitely old. It's the one used in IE. Everyone else uses the Plugin. When you go to adobe.com to download Flash they look at your browser and give you the correct one so you have to use IE to get the latest version of the ActiveX Flash.

When it tells you that you have updates you can right click on it and do the Custom option. I think that's what it's called. One thing you need to know about updates is that in XP in order to be able to back them out they save copies of all the old files in folders under C:\Windows\. These folders start with $Nt and are hidden system files so you normally can't see them. To see hidden files:
1. Double-click on the My Computer icon.
2. Select the Tools menu and click Folder Options.
3. After the new window appears select the View tab.
4. Put a checkmark in the checkbox labeled Display the contents of system folders.
5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
6. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
7. Remove the checkmark from the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and exit My Computer.

Now your computer is configured to show all hidden files.

If you are not going to be uninstalling an update then its corresponding $Nt folder can be removed. (You need to empty the recycle bin to see the improvement.) Since you have had ZA installed, look in C:\Windows\Internet Logs. If the folder exists it is usually full of logs which can be removed.

Not sure what changes you are making to .Net. Normally you don't need it for much. There are a few programs that require it but most don't.

Ron
  • 0



#122
ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Hi, Ron - haven't had a chance until now to reply.....followed instructions to unhide said files and extensions, but there are at least a hundred of them and I have NO idea how to determine which is of concern.....no sign of any Internet Logs folder either in WINDOWS.....if I'm understanding you correctly, going to try downloading Flash from IE next (?) but want more guidance before uninstalling and re-installing Firefox 13 - what, exactly, will that accomplish so I have some idea of what to look for once I've done so? Thanks again! Jim


UPDATE: uninstalled and reinstalled Firefox 13, then installed the correct version of Flash Player (11, from CNET) but seems to be something wrong with the synch & video speed - not sure why.....unfortunately, when I did so, Google Chrome automatically installed WITH it, adding another 100+ MBs. Not sure if Safari is critically linked to iTunes - but I want to dump at least 1 (and possibly 2, including IE8 if feasible) of these extra browsers - I just don't NEED them, at least to the best of my knowledge....

Edited by ogam5, 21 June 2012 - 04:26 PM.

  • 0

#123
RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
If your system is stable then you can delete all of the c:\windows\$Nt... folders. Their only purpose is to allow you to back out an update. If you don't need to back out any updates then you don't need them.

You can uninstall both Chrome and Safari. You don't have to have either one tho you will keep getting safari offered to you when you do updates. Chrome download is usually an opt out thing where you have to uncheck something before you start the download.

Uninstalling Firefox and installing the newest version was an attempt to fix the Firefox problem. Did it help?

Best to get the latest flash player from adobe.com rather than from cnet. Again you need to watch out for extras like Chrome, McAfee Security Scan, Yahoo Toolbar etc.
  • 0

#124
ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
.....speaking of Yahoo! Toolbar, I NEED that back, bookmarks and all - stuck with the MS one and want it GONE! Not sure if I still have the Yahoo! variation on hand or need to download it again.....still can't download from Firefox; even when I tried to review the General tab in Options it froze up all over again - and I've already mentioned the issues with Flash and how YouTube isn't working quite right - that said, maybe I need to reboot/restart to alleviate that problem, and I haven't updated the IE8 Flash aperture for obvious reasons (although I'm not sure how that might affect Firefox - know there's been persistent issues with Flash and the latest version of FF, though) .....any particular reason you're inclined to have me delete Safari over IE8? I have serious misgivings about both companies but, as I said, posed a question to you about the relationship in terms of performance/support between Safari and iTunes; you don't appear to have addressed it.....as for the $NT files, don't entirely understand what you mean by 'back out' an update - haven't ever heard that particular term before - one thing's for sure, though: I really can't pronounce the system as being stable at all yet, what with the stubborn download/upload/saving/attaching problem on Firefox 13.....if I do wholesale delete them, would it be easier/are you clear on what updates would need to be triggered outside of that folder in order to correct that problem? Also, you mentioned my needing to fix/update JavaScript earlier on - want to get that squared away in the next series of actions just so I don't overlook it.....

Edited by ogam5, 22 June 2012 - 04:50 AM.

  • 0

#125
RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
Deleting the $Nt... files is just a way of regaining a bunch of space on the hard drive. We don't really want to do that until things are running smoothly. Backing out an update just means removing the update and reverting back to how the system was before the update.

Deleting IE is not a simple matter. Safari and Chrome can be removed easily tho I would try each and see if they can download.

The Yahoo Toolbar is usually foisted on you by some other download. However, if you want to keep it or reinstall it that's fine. It will need to be reinstalled but that's probably not going to bring back any data that was stored in it. Don't know when you got the MS toolbar but it should be easily uninstalled.

Your standard bookmarks are stored in your profile which was the C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\ folder which I asked you to move to a different location as a test to see if that was causing the FF problem. Did you do that?

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:

Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware unless you want it.

You never answered my question about what you had done to .Net.

Flash problems can be caused by a slow internet connection or by high CPU usage. Are the problems in IE or FF or Chrome or Safari?

Go to http://www.speedtest.net/ and click on Begin Test

When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Run OTL quickscan again and post the log.

Do not edit posts except to correct typos. I do not get notified of edits so if you add something later I may not see it. Please try to remember to tell me when you do something that I have asked you to do and do not do anything I don't ask you to do.

Ron
  • 0
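The Verified Signer and CPU checks Ron asks for above can be scripted once the Procexp.txt export is on disk, so the same triage can be repeated after every reboot. The Python below is an added example written for this page, not code from the post or from Sysinternals. It assumes the File > Save As export is tab-delimited with the Verified Signer column enabled, as the post instructs; the embedded rows are constructed to mirror that layout, and the process names, PIDs and sizes in them are made up.

```python
"""Triage a Process Explorer "File > Save As" export by signature status and CPU.

Added example for this thread (not Sysinternals code). Assumption: the export is
tab-delimited and "Verified Signer" was enabled under View > Select Columns.
"""
from __future__ import annotations

import csv
import io
from dataclasses import dataclass

# Constructed sample rows in the column order Process Explorer writes.
# Names, PIDs and sizes are made up; the last data row stands in for an unsigned file.
SAMPLE_PROCEXP_TXT = (
    "Process\tPID\tCPU\tPrivate Bytes\tWorking Set\tDescription\tCompany Name\tVerified Signer\n"
    "csrss.exe\t452\t\t1,732 K\t2,320 K\tClient Server Runtime Process\tMicrosoft Corporation"
    "\t(Verified) Microsoft Windows Component Publisher\n"
    "explorer.exe\t1500\t\t19,188 K\t10,404 K\tWindows Explorer\tMicrosoft Corporation"
    "\t(Unable to verify) Microsoft Corporation\n"
    "wmiprvse.exe\t3024\t\t2,364 K\t4,928 K\t\t\t(Unable to verify) (null)\n"
    "svchost.exe\t856\t2.00\t24,540 K\t13,964 K\tGeneric Host Process for Win32 Services"
    "\tMicrosoft Corporation\t(Verified) Microsoft Windows Component Publisher\n"
    "unsigned_sample.exe\t2210\t45.00\t88,000 K\t60,000 K\t\t\t(No signature was present in the subject)\n"
    "Interrupts\tn/a\t< 0.01\t0 K\t0 K\tHardware Interrupts and DPCs\t\t\n"
    "System Idle Process\t0\t\t0 K\t16 K\t\t\t\n"
)


@dataclass
class ProcessRow:
    name: str
    pid: str
    cpu: float
    private_kb: int
    working_kb: int
    description: str
    company: str
    signer: str

    @property
    def signature_status(self) -> str:
        """Bucket the Verified Signer text: verified / unverified / other / none."""
        if self.signer.startswith("(Verified)"):
            return "verified"
        if self.signer.startswith("(Unable to verify)"):
            return "unverified"
        if not self.signer:
            return "none"    # pseudo-processes such as Interrupts or System Idle Process
        return "other"       # any other status text, e.g. an unsigned image


def _kb(value: str) -> int:
    """'24,540 K' -> 24540; blank -> 0."""
    digits = value.strip().rstrip("K").replace(",", "").strip()
    return int(digits) if digits else 0


def _cpu(value: str) -> float:
    """'45.00' -> 45.0, '< 0.01' -> 0.01, blank -> 0.0."""
    number = value.strip().lstrip("<").strip()
    return float(number) if number else 0.0


def parse_procexp(text: str) -> list[ProcessRow]:
    """Parse the tab-delimited export into ProcessRow records."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t")
    rows: list[ProcessRow] = []
    for rec in reader:
        rows.append(ProcessRow(
            name=(rec.get("Process") or "").strip(),
            pid=(rec.get("PID") or "").strip(),
            cpu=_cpu(rec.get("CPU") or ""),
            private_kb=_kb(rec.get("Private Bytes") or ""),
            working_kb=_kb(rec.get("Working Set") or ""),
            description=(rec.get("Description") or "").strip(),
            company=(rec.get("Company Name") or "").strip(),
            signer=(rec.get("Verified Signer") or "").strip(),
        ))
    return rows


def triage(rows: list[ProcessRow], cpu_threshold: float = 10.0) -> dict[str, list[str]]:
    """Return the process names a helper would want to look at first."""
    real = [r for r in rows if r.signature_status != "none"]
    return {
        # anything whose image signature did not verify: inspect, do not assume malware
        "unverified": [r.name for r in real if r.signature_status != "verified"],
        # the "big hitters at the top" once sorted by CPU, excluding the idle process
        "high_cpu": [r.name for r in rows
                     if r.cpu >= cpu_threshold and r.name != "System Idle Process"],
        # the three largest consumers by Private Bytes
        "top_private": [r.name for r in
                        sorted(real, key=lambda r: r.private_kb, reverse=True)[:3]],
    }


if __name__ == "__main__":
    findings = triage(parse_procexp(SAMPLE_PROCEXP_TXT))
    for bucket, names in findings.items():
        print(f"{bucket:12s} {', '.join(names) or '-'}")
```

Run it against the real Procexp.txt by reading the file into `parse_procexp`. An "(Unable to verify)" entry is a prompt to look at that file's path, size and company more closely, not proof that it has been tampered with; the point of the script is to shorten a long process list to the handful of rows worth posting about.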

#126
ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
.....the data is gone - oh, that's just GREAT; I had at least 1500 things saved and WANTED to have the Yahoo! toolbar - all the same, it still appears in my Add/Remove window (but with no size indicated).....it would've been nice if CompCav had bothered to tell me I'd lose the bookmarks.....can't deny it; I'm extremely pissed off about it! If it's a false alarm, I'd appreciate some guidance in recovering it/them, please. As to my Firefox profile, I asked you for clarification - and when I didn't get it, forewent any move.....also, I no longer use Firefox as my bookmark repository because I lost them TOO many times.....upon checking the Java cache, it appears to already be empty - and that I only had 1 remaining Java artifact, Update 31 (?) which I deleted.....as I'm still unable to download anything from Firefox and you've informed me you're not always able to know when additions are made to existing posts, need to close/end this entry - but will post a separate follow-up shortly.....
  • 0

#127
RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
Note: Yahoo! Toolbar is not required to use Yahoo! Bookmarks. You can still access your bookmarks at the Yahoo! Bookmarks website. http://bookmarks.yahoo.com/

Please break up your questions into separate sentences with a blank line between them. When you write it as one long run-on post I lose track of what you are saying.

Were you able to get the two VEW outputs?
  • 0

#128
ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Thank you for the clarification about (and link to!) Yahoo! bookmarks. As you may have noticed, I tend to write elliptically - will refrain for our purposes though. In answer to your question, no, didn't get that far, Ron; attempted to install Java and was finally met by a notice that informed me the following file was corrupt: C:\Document^(caret standing in for a tilde; not in international mode at present)1\User\LOCALS^1\Temp\fix-runtime.exe.....Jim

Will now run the executables which you asked about.....oh yes; as to the question about .NET, just disabled it when the corresponding prompt came up. Do I need to re-enable it?

Edited by ogam5, 22 June 2012 - 02:18 PM.

  • 0

#129
ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
- almost forgot: lingering problems with Flash have solely been in Firefox (to the best of my knowledge; will re-check both IE8 and Safari once I've completed the other tasks.....)
  • 0

#130
ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
OK.....ran all the tests/scans; have NO idea what to make of the SpeedTest results - if I even GOT any (created an account just to err on the side of caution). Please explain what it is for which I should be looking to indicate a successful test? Also, you didn't give me parameters for the OTL scan so I didn't include the Extras battery - do I need to run it again? Thanks

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
alg.exe 1236 1,132 K 100 K Application Layer Gateway Service Microsoft Corporation (Unable to verify) Microsoft Corporation
csrss.exe 452 1,732 K 2,320 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Component Publisher
ctfmon.exe 160 964 K 1,728 K CTF Loader Microsoft Corporation (Verified) Microsoft Windows Component Publisher
explorer.exe 1500 19,188 K 10,404 K Windows Explorer Microsoft Corporation (Unable to verify) Microsoft Corporation
iexplore.exe 3228 10,476 K 4,920 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 1716 76,180 K 91,696 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 540 3,936 K 900 K LSA Shell (Export Version) Microsoft Corporation (Unable to verify) Microsoft Corporation
mbamgui.exe 1960 3,252 K 788 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamservice.exe 1760 121,952 K 41,148 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mDNSResponder.exe 1700 1,164 K 820 K Bonjour Service Apple Inc. (Verified) Apple Inc.
services.exe 520 1,708 K 1,548 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Component Publisher
smss.exe 404 168 K 44 K Windows NT Session Manager Microsoft Corporation (Verified) Microsoft Windows Component Publisher
spoolsv.exe 1128 3,100 K 608 K Spooler SubSystem App Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 692 3,120 K 1,524 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 788 1,788 K 1,564 K Generic Host Process for Win32 Services Microsoft Corporation (Unable to verify) Microsoft Corporation
svchost.exe 856 24,540 K 13,964 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 952 1,608 K 1,568 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 996 3,248 K 1,096 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1648 1,252 K 64 K Generic Host Process for Win32 Services Microsoft Corporation (Unable to verify) Microsoft Corporation
System 4 0 K 32 K
winlogon.exe 476 6,004 K 1,132 K Windows NT Logon Application Microsoft Corporation (Verified) Microsoft Windows Component Publisher
wmiprvse.exe 3024 2,364 K 4,928 K (Unable to verify) (null)
wscntfy.exe 1076 552 K 324 K Windows Security Center Notification App Microsoft Corporation (Unable to verify) Microsoft Corporation
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
procexp.exe 2728 9.00 13,084 K 19,092 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 0 0 K 16 K
Vino's Event Viewer v01c run on Windows XP in English
Report run at 22/06/2012 6:01:52 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/06/2012 5:02:44 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type


Vino's Event Viewer v01c run on Windows XP in English
Report run at 22/06/2012 6:06:12 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL logfile created on: 6/22/2012 6:10:51 PM - Run 5
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\User\Desktop\Spyware & Virus tools\GtGCompCavtools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.30 Mb Total Physical Memory | 137.39 Mb Available Physical Memory | 26.92% Memory free
673.00 Mb Paging File | 266.57 Mb Available in Paging File | 39.61% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 2.42 Gb Free Space | 12.96% Space Free | Partition Type: NTFS
Drive E: | 74.52 Gb Total Space | 2.09 Gb Free Space | 2.80% Space Free | Partition Type: NTFS

Computer Name: USER-2LHZ6LTLSL | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/12 15:29:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\Spyware & Virus tools\GtGCompCavtools\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/21 17:56:43 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/14 18:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/09/03 11:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/06/20 02:14:18 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/06/16 01:00:35 | 000,032,072 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv10nt.sys -- (iAimTV5)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:44 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv06nt.sys -- (iAimTV6)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:40 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv09nt.sys -- (iAimFP7)
DRV - [2004/08/04 01:29:39 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv08nt.sys -- (iAimFP6)
DRV - [2004/08/04 01:29:38 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv07nt.sys -- (iAimFP5)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2002/06/03 11:18:32 | 000,040,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 9E 5C DB A0 4E CD 01 [binary data]
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/21 17:53:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/08 19:01:04 | 000,000,000 | ---D | M]

[2008/10/27 18:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/06/12 21:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions
[2012/05/20 07:11:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/10 08:16:13 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/06/21 17:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/14 18:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2012/06/17 16:29:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\..Trusted Domains: streamwrhu.net ([live] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0988B9E-1F28-41A8-A972-714885C819B3}: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/05 14:02:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/22 16:51:41 | 002,674,800 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\User\Desktop\procexp.exe
[2012/06/21 17:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Google
[2012/06/21 17:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/06/21 17:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/20 02:14:18 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/06/20 01:00:57 | 017,246,464 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware.exe
[2012/06/20 00:21:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\PrivacIE
[2012/06/19 03:17:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\IETldCache
[2012/06/18 23:30:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/06/18 23:23:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/06/18 08:06:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2012/06/17 20:49:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/06/17 19:22:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/06/17 19:22:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/06/17 19:21:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/06/17 17:12:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/17 16:45:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/14 20:04:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/14 19:54:14 | 004,560,591 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2012/06/13 20:27:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/02 01:28:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/06/02 01:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Skype
[2012/06/02 01:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2012/05/29 07:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/05/29 05:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\IObit
[2012/05/29 05:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/22 18:08:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/22 17:59:45 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\User\Desktop\VEW.exe
[2012/06/22 17:02:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/22 17:02:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/22 17:02:12 | 535,154,688 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/22 16:51:46 | 002,674,800 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\User\Desktop\procexp.exe
[2012/06/21 17:53:51 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/21 17:53:51 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/06/21 16:57:24 | 010,857,155 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Lucky Man - [LIVE] - Marillion.mp3
[2012/06/20 08:27:24 | 010,131,155 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Power [LIVE] - Marillion.mp3
[2012/06/20 03:09:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/20 02:14:18 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/06/20 01:00:57 | 017,246,464 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware.exe
[2012/06/19 12:23:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/19 11:50:32 | 000,148,531 | ---- | M] () -- C:\Documents and Settings\User\Desktop\PageCapture TU 6-19-12.JPG
[2012/06/19 03:17:18 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/19 02:48:44 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/18 23:01:07 | 000,432,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/18 23:01:07 | 000,067,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/18 08:09:40 | 000,040,020 | ---- | M] () -- C:\Documents and Settings\User\My Documents\CCleaner Registry Backup file 6-18-12.reg
[2012/06/17 18:59:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/06/17 16:29:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/17 16:01:42 | 004,560,591 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2012/06/16 01:00:35 | 000,032,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/15 15:25:31 | 000,053,570 | ---- | M] () -- C:\WINDOWS\System32\Defrag Report filepath name details F 6-15-12
[2012/06/14 20:05:00 | 000,000,420 | RHS- | M] () -- C:\boot.ini
[2012/06/12 15:26:35 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2012/06/11 20:40:47 | 001,557,759 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Islanders '98 alternative logo design.jpg
[2012/06/08 19:08:20 | 000,228,864 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/06 08:34:14 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\User\Desktop\linkfile_fix.zip
[2012/06/06 08:32:48 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\User\Desktop\xp_exe_fix.zip
[2012/06/05 14:00:10 | 001,801,855 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Hot Pants - Salvage.mp3
[2012/06/05 10:43:40 | 003,471,184 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Out Of Mind Out Of Sight - Models, The.mp3
[2012/06/05 08:14:52 | 002,554,547 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Can't Sleep - Rockets, The.mp3
[2012/06/05 07:51:34 | 004,300,415 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Mama Let Him Play - Doucette.mp3
[2012/06/05 01:21:46 | 005,043,590 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The Joker - Snail.mp3
[2012/06/05 01:04:54 | 003,875,068 | ---- | M] () -- C:\Documents and Settings\User\Desktop\City Slicker - James 'JY' Young with Jan Hammer.mp3
[2012/06/04 21:28:55 | 003,456,182 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut To Somewhere [from 'Quicksilver'] - Fish with Tony Banks.mp3
[2012/06/04 21:19:02 | 002,705,109 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Two Buffaloes - Rolf Harris.mp3
[2012/06/04 21:16:07 | 003,735,378 | ---- | M] () -- C:\Documents and Settings\User\Desktop\It's Really You - Tarney Spencer Band.mp3
[2012/06/04 20:58:57 | 003,948,955 | ---- | M] () -- C:\Documents and Settings\User\Desktop\On the Run - Lake.mp3
[2012/06/04 20:54:31 | 005,892,883 | ---- | M] () -- C:\Documents and Settings\User\Desktop\A Smile Is Diamond - A Band Called O (10-11!).mp3
[2012/06/04 20:47:24 | 003,763,695 | ---- | M] () -- C:\Documents and Settings\User\Desktop\I Want You To Be Mine [ USA Version ] - Kayak.mp3
[2012/06/04 18:29:23 | 002,392,118 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Hold On To The Night - Starz.mp3
[2012/06/04 18:21:48 | 004,059,670 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Coming Home - Ian Thomas.mp3
[2012/06/04 18:08:50 | 002,907,357 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Northern Lights - Renaissance.mp3
[2012/06/04 17:50:25 | 004,253,185 | ---- | M] () -- C:\Documents and Settings\User\Desktop\She Loves To Be In Love - Charlie.mp3
[2012/06/04 17:38:27 | 006,439,530 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Superstar - Bob McGilpin.mp3
[2012/06/04 17:31:31 | 004,484,317 | ---- | M] () -- C:\Documents and Settings\User\Desktop\I'm Mandy, Fly Me - 10cc.mp3
[2012/05/29 04:59:56 | 015,040,520 | ---- | M] () -- C:\Documents and Settings\User\Desktop\vGrabber_setup.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/22 18:00:06 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\User\Desktop\VEW.exe
[2012/06/21 17:56:50 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/21 17:53:51 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/21 17:53:51 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/06/21 17:53:50 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/21 16:18:14 | 010,857,155 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Lucky Man - [LIVE] - Marillion.mp3
[2012/06/20 11:39:29 | 015,040,520 | ---- | C] () -- C:\Documents and Settings\User\Desktop\vGrabber_setup.exe
[2012/06/20 08:16:24 | 010,131,155 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Power [LIVE] - Marillion.mp3
[2012/06/19 12:28:39 | 535,154,688 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/19 11:50:31 | 000,148,531 | ---- | C] () -- C:\Documents and Settings\User\Desktop\PageCapture TU 6-19-12.JPG
[2012/06/18 21:38:10 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/06/18 19:07:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/18 19:07:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/06/18 08:09:33 | 000,040,020 | ---- | C] () -- C:\Documents and Settings\User\My Documents\CCleaner Registry Backup file 6-18-12.reg
[2012/06/16 01:00:35 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/15 15:25:22 | 000,053,570 | ---- | C] () -- C:\WINDOWS\System32\Defrag Report filepath name details F 6-15-12
[2012/06/14 20:05:00 | 000,000,304 | ---- | C] () -- C:\Boot.bak
[2012/06/14 20:04:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/12 15:26:35 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2012/06/11 20:40:57 | 001,557,759 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Islanders '98 alternative logo design.jpg
[2012/06/06 08:34:18 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\User\Desktop\linkfile_fix.zip
[2012/06/06 08:33:09 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\User\Desktop\xp_exe_fix.zip
[2012/06/05 13:59:16 | 001,801,855 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Hot Pants - Salvage.mp3
[2012/06/05 10:40:56 | 003,471,184 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Out Of Mind Out Of Sight - Models, The.mp3
[2012/06/05 08:11:49 | 002,554,547 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Can't Sleep - Rockets, The.mp3
[2012/06/05 07:45:43 | 004,300,415 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Mama Let Him Play - Doucette.mp3
[2012/06/05 00:56:30 | 003,875,068 | ---- | C] () -- C:\Documents and Settings\User\Desktop\City Slicker - James 'JY' Young with Jan Hammer.mp3
[2012/06/04 18:28:18 | 002,392,118 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Hold On To The Night - Starz.mp3
[2012/06/04 18:23:48 | 005,043,590 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The Joker - Snail.mp3
[2012/06/04 18:19:53 | 004,059,670 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Coming Home - Ian Thomas.mp3
[2012/06/04 18:16:29 | 003,763,695 | ---- | C] () -- C:\Documents and Settings\User\Desktop\I Want You To Be Mine [ USA Version ] - Kayak.mp3
[2012/06/04 18:07:47 | 002,907,357 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Northern Lights - Renaissance.mp3
[2012/06/04 18:02:13 | 003,735,378 | ---- | C] () -- C:\Documents and Settings\User\Desktop\It's Really You - Tarney Spencer Band.mp3
[2012/06/04 17:48:21 | 004,253,185 | ---- | C] () -- C:\Documents and Settings\User\Desktop\She Loves To Be In Love - Charlie.mp3
[2012/06/04 17:35:37 | 006,439,530 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Superstar - Bob McGilpin.mp3
[2012/06/04 17:29:24 | 004,484,317 | ---- | C] () -- C:\Documents and Settings\User\Desktop\I'm Mandy, Fly Me - 10cc.mp3
[2012/06/04 17:22:07 | 003,948,955 | ---- | C] () -- C:\Documents and Settings\User\Desktop\On the Run - Lake.mp3
[2012/06/04 17:16:55 | 005,892,883 | ---- | C] () -- C:\Documents and Settings\User\Desktop\A Smile Is Diamond - A Band Called O (10-11!).mp3
[2012/06/01 21:15:16 | 003,456,182 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut To Somewhere [from 'Quicksilver'] - Fish with Tony Banks.mp3
[2012/05/31 00:16:26 | 002,705,109 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Two Buffaloes - Rolf Harris.mp3
[2012/03/17 12:42:40 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\User\Application Data\mcs.rma
[2011/06/04 09:18:39 | 000,000,022 | --S- | C] () -- C:\Documents and Settings\User\Application Data\Sys2662.Config.Repository.bin
[2010/12/12 15:10:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/12 15:10:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/12 15:10:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/12 15:10:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/12 15:10:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/29 23:37:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2011/05/18 03:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Amazon
[2010/07/17 20:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/12/12 14:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D05119C
[2012/06/04 15:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/05/08 02:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2010/12/25 09:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cPgMn08200
[2012/01/07 11:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/09/04 18:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2012/06/04 15:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/04/24 10:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/02 15:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/05/08 10:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C3243856-7746-4A05-8837-51A28C1CDD82}
[2010/10/17 02:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Amazon
[2012/06/15 15:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CBS Interactive
[2012/05/08 03:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CheckPoint
[2009/06/18 22:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
[2012/01/07 11:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\f-secure
[2010/11/13 15:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FreeFileViewer
[2012/05/29 05:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IObit
[2009/06/30 18:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2012/01/03 19:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OverDrive
[2012/05/13 22:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sevas-S
[2012/05/31 19:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Uniblue

========== Purity Check ==========



< End of report >
#131
RKinner
    Malware Expert
  • Expert
  • 20,024 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
[2009/09/10 08:16:13 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present

:files
sc config getPlusHelper start= disabled /c
sc config MCSTRM start= disabled /c
    
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Run OTL Quickscan again and post the log.

Not sure why you are having trouble with Speedtest. You go to http://www.speedtest.net/, then wait until the Begin Test button appears, then press it. It will take a while to run.
When the test finishes, click on Share This Result, then select Forum, then Copy, then move to a reply and Ctrl + V.


Process Explorer was not done correctly. Please follow the instructions exactly:
Run it (on Vista or Win7, right-click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.


Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

If it's not an extension then get autoruns from
http://live.sysinter...om/autoruns.exe

Download, save and run the program by right-clicking and Run As Admin. File, Save, to your desktop, autoruns.arn, OK.

Either zip up the file if you have the ability (7-zip works nicely) or just rename it from autoruns.arn to autoruns.txt then ATTACH it. Do not copy and paste.

Then let's try eset:

Use IE and go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms, then press Start (if you get a warning from your browser, tell it you want to run it).

1. Check Scan Archives.
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND.
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish.
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).
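The fix script above removes a specific set of OTL entries: a per-user IE proxy pointed at 127.0.0.1, an orphaned URLSearchHook, a BHO whose DLL is gone, and IE lockdown policy keys. The following is an added example (not OTL's code and not from this thread's author) that triages OTL lines for exactly those entry types and correlates ProxyEnable with ProxyServer per hive; the sample lines are constructed in OTL's format, modelled on this log, and the expected Winlogon Shell/UserInit values are assumed XP defaults.

```python
import re

# Constructed sample lines in OTL's line format, modelled on the log and fix in this
# thread; not copied from any real system. Two benign entries are included for contrast.
SAMPLE_OTL_LINES = [
    r'IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577',
    r'IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found',
    r'IE - HKU\S-1-5-21-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found',
    r'O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)',
    r'O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present',
    r'O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present',
    r'O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)',
    r'O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)',
]

HIVE_RE = re.compile(r'(HKLM|HKU\\[^\\]+)')
SETTING_RE = re.compile(r'"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
WINLOGON_RE = re.compile(r'^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>[^)]*)\)')
# Assumed stock XP values; a different value is worth a look, not proof of infection.
EXPECTED_WINLOGON = {'Shell': 'explorer.exe', 'UserInit': r'\system32\userinit.exe'}
SEVERITY_ORDER = {'high': 0, 'medium': 1, 'low': 2}


def registry_hive(line):
    """Return the hive an OTL line refers to (HKLM or HKU\\<sid>), or None."""
    m = HIVE_RE.search(line)
    return m.group(1) if m else None


def is_loopback_proxy(proxy_value):
    """True if any entry of an IE ProxyServer value ('http=host:port;https=...') names loopback."""
    for part in proxy_value.split(';'):
        hostport = part.split('=', 1)[-1].strip()
        host = hostport.rsplit(':', 1)[0].strip('[]').lower()
        if host == 'localhost' or host == '::1' or host.startswith('127.'):
            return True
    return False


def triage(lines):
    """Flag the entry types the fix above removes; returns (severity, hive, reason, line) tuples."""
    findings = []
    proxy_enabled = {}   # hive -> bool
    proxy_server = {}    # hive -> (value, line)
    for line in lines:
        hive = registry_hive(line)
        setting = SETTING_RE.search(line)
        if line.startswith('IE - ') and setting:
            name, value = setting.group('name'), setting.group('value').strip()
            if name == 'ProxyEnable':
                proxy_enabled[hive] = (value == '1')
            elif name == 'ProxyServer':
                proxy_server[hive] = (value, line)
            continue
        if 'URLSearchHook' in line and line.endswith('No CLSID value found'):
            findings.append(('medium', hive, 'URLSearchHook with no registered CLSID (orphaned hook)', line))
        elif line.startswith('O2 - BHO:') and line.endswith('File not found'):
            findings.append(('low', hive, 'BHO points at a missing DLL; inert, but remove it', line))
        elif line[:2] in ('O6', 'O7') and '\\Policies\\Microsoft\\Internet Explorer\\' in line and line.endswith(' present'):
            findings.append(('medium', hive, 'IE lockdown policy key present; expected only on GPO-managed machines', line))
        winlogon = WINLOGON_RE.match(line)
        if winlogon:
            key = winlogon.group('key')
            value = winlogon.group('value').lower().rstrip(',')
            if not value.endswith(EXPECTED_WINLOGON[key]):
                findings.append(('high', 'HKLM', f'Winlogon {key} is not the stock value', line))
    # Correlate the two proxy settings per hive: an enabled proxy that points at loopback
    # means a local process sits between the browser and the network.
    for hive, (value, line) in proxy_server.items():
        if is_loopback_proxy(value):
            severity = 'high' if proxy_enabled.get(hive) else 'medium'
            findings.append((severity, hive, f'IE proxy routed through loopback ({value})', line))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


if __name__ == '__main__':
    for severity, hive, reason, line in triage(SAMPLE_OTL_LINES):
        print(f'[{severity:6}] {hive or "-"}: {reason}\n    {line}')
```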

#132
ogam5
    Member
  • Topic Starter
  • Member
  • 87 posts
.....performed all actions as instructed - except for 3 things:

One, despite right-clicking on the Autoruns icon, 'Administrator' was not offered as a 'Run As' option and thus have been unable to save the results at all - access denied & filepath not found are 2 of several messages I got with the red x.

Two, I saw none of the prompts you list here upon completing the ESET scan - did detect and delete 2 threats, one of which I consciously downloaded some time ago: a Speed Up My PC application, the other some sort of Trojan whose extension began with an 'N' - again, saw no means of being able to save the results from that either but am keeping the webpage open as with the Autorun results.

Three, attempted on separate occasions to run the SpeedTest but wasn't able to even log in - a Google ad was obstructing the fields - on the first attempt and, even after logging in, again didn't have any 'Begin Test' button both times (when I did on my very first, which I related to you, still couldn't see anything to which you referred) - think something's blocking it, PERIOD (but not sure).....


Point of information: so far as I know, the only incorrect thing about the first Process Explorer scan was that it wasn't displayed top-to-bottom, but rather the exact opposite - a weird, less-than-cooperative program, to which I think you alluded.....

Finally, thanks for providing the direct link to my Yahoo! Bookmarks but, what I still want to know is, how do I replace the default MSN toolbar I somehow was slammed by with the previous Yahoo! Toolbar, which had indicators for Facebook, weather, new mail (of course) and so on? Here is what I can provide otherwise in terms of reports/scan results:


Procexp Results:


Process | PID | CPU | Private Bytes | Working Set | Description | Company Name | Verified Signer
System Idle Process | 0 | 93.00 | 0 K | 16 K | | |
procexp.exe | 1468 | 6.00 | 13,784 K | 9,520 K | Sysinternals Process Explorer | Sysinternals - www.sysinternals.com | (Verified) Microsoft Corporation
Interrupts | n/a | 1.00 | 0 K | 0 K | Hardware Interrupts and DPCs | |
wscntfy.exe | 1372 | | 548 K | 832 K | Windows Security Center Notification App | Microsoft Corporation | (Unable to verify) Microsoft Corporation
wmiprvse.exe | 1556 | | 2,396 K | 4,952 K | WMI | Microsoft Corporation | (Verified) Microsoft Windows Component Publisher
winlogon.exe | 476 | | 7,368 K | 2,192 K | Windows NT Logon Application | Microsoft Corporation | (Unable to verify) Microsoft Corporation
System | 4 | | 0 K | 108 K | | |
svchost.exe | 848 | | 15,940 K | 16,952 K | Generic Host Process for Win32 Services | Microsoft Corporation | (Verified) Microsoft Windows Component Publisher
svchost.exe | 688 | | 3,008 K | 2,224 K | Generic Host Process for Win32 Services | Microsoft Corporation | (Verified) Microsoft Windows Component Publisher
svchost.exe | 744 | | 1,752 K | 2,076 K | Generic Host Process for Win32 Services | Microsoft Corporation | (Verified) Microsoft Windows Component Publisher
svchost.exe | 936 | | 1,684 K | 1,920 K | Generic Host Process for Win32 Services | Microsoft Corporation | (Verified) Microsoft Windows Component Publisher
svchost.exe | 1008 | | 1,064 K | 1,056 K | Generic Host Process for Win32 Services | Microsoft Corporation | (Verified) Microsoft Windows Component Publisher
svchost.exe | 1600 | | 1,276 K | 1,708 K | Generic Host Process for Win32 Services | Microsoft Corporation | (Verified) Microsoft Windows Component Publisher
spoolsv.exe | 1120 | | 3,132 K | 1,416 K | Spooler SubSystem App | Microsoft Corporation | (Unable to verify) Microsoft Corporation
smss.exe | 396 | | 168 K | 148 K | Windows NT Session Manager | Microsoft Corporation | (Unable to verify) Microsoft Corporation
services.exe | 520 | | 1,712 K | 2,080 K | Services and Controller app | Microsoft Corporation | (Verified) Microsoft Windows Component Publisher
notepad.exe | 572 | | 3,192 K | 1,400 K | Notepad | Microsoft Corporation | (Verified) Microsoft Windows Component Publisher
mDNSResponder.exe | 1632 | | 1,164 K | 1,956 K | Bonjour Service | Apple Inc. | (Verified) Apple Inc.
mbamservice.exe | 1668 | | 122,028 K | 65,820 K | Malwarebytes Anti-Malware | Malwarebytes Corporation | (Verified) Malwarebytes Corporation
mbamgui.exe | 1924 | | 3,240 K | 2,540 K | Malwarebytes Anti-Malware | Malwarebytes Corporation | (Verified) Malwarebytes Corporation
lsass.exe | 532 | | 3,904 K | 1,524 K | LSA Shell (Export Version) | Microsoft Corporation | (Verified) Microsoft Windows Component Publisher
iexplore.exe | 1464 | | 79,872 K | 94,512 K | Internet Explorer | Microsoft Corporation | (Verified) Microsoft Corporation
iexplore.exe | 972 | | 10,900 K | 5,172 K | Internet Explorer | Microsoft Corporation | (Verified) Microsoft Corporation
explorer.exe | 1656 | | 18,864 K | 12,784 K | Windows Explorer | Microsoft Corporation | (Unable to verify) Microsoft Corporation
ctfmon.exe | 1932 | | 932 K | 2,292 K | CTF Loader | Microsoft Corporation | (Unable to verify) Microsoft Corporation
csrss.exe | 452 | | 1,584 K | 2,024 K | Client Server Runtime Process | Microsoft Corporation | (Unable to verify) Microsoft Corporation
alg.exe | 300 | | 1,132 K | 1,232 K | Application Layer Gateway Service | Microsoft Corporation | (Unable to verify) Microsoft Corporation



Bitdefender Results:


QuickScan 32-bit v0.9.9.114
---------------------------
Scan date: Sat Jun 23 12:57:50 2012
Machine ID: 7897C3FD



No infection found.
-------------------



Processes
---------
Bonjour 1632 C:\Program Files\Bonjour\mDNSResponder.exe
Malwarebytes Anti-Malware 1924 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
Malwarebytes Anti-Malware 1668 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
Microsoft® Windows® Operating System 1120 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 1372 C:\WINDOWS\system32\wscntfy.exe
Sysinternals autoruns 2008 C:\Documents and Settings\User\Desktop\autoruns.exe
(verified) Microsoft® Windows® Operating System 1656 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 300 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 452 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 1932 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 532 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 520 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 396 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 688 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 744 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 848 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 936 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1008 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1600 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 476 C:\WINDOWS\system32\winlogon.exe
(verified) Windows® Internet Explorer 564 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 1812 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (1812) connected on port 80 (HTTP) --> 23.15.7.107
Process iexplore.exe (1812) connected on port 80 (HTTP) --> 74.125.228.99
Process iexplore.exe (1812) connected on port 80 (HTTP) --> 173.223.191.139

Process svchost.exe (744) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Adobe® Flash® Player Update Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Malwarebytes Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\logon.scr
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
AmazonMP3DownloaderPlugin C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
Bitdefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
getPlusPlus for Adobe 16244 C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
IE Services c:\program files\yahoo!\common\yiesrvc.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\System32\MSWSOCK.DLL
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32_11_3_300_262.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
TODO: <Product name> C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll
Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn0\yt.dll
(verified) Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


Scan
----


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.00 MB sent, 0.48 KB recvd
Scanned 475 files and modules - 141 seconds

==============================================================================
  • 0

#133
ogam5

ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
.....want to clarify re: Autoruns: only option provided other than 'Test' and the new one I created at CompCav's behest, was 'User' - since that was the default anyhow, it's what I've been trying to save it as.....
  • 0

#134
ogam5

ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Update: here are the Speedtest results - to put it bluntly, there wasn't much direction to go on but, somehow, I managed to figure it out - again, NOT obvious! NOTE: could not get it to work on IE*, but that may be because it was already open on Firefox (which, as I had closed it due to the continuing download issues, had forgotten about.....)



Posted Image
  • 0

#135
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
Something odd is going on here. Process Explorer says a bunch of critical Windows files can not be verified tho otherwise it looks good this time as far as CPU percentage. This time they add up to almost 100% as they should. Last time there was no percentage showing from System Idle.

I think it's time to burn a CD and boot from it and run a scan independent of the operating system.

See if you can follow the instructions here:

http://www.geekstogo...ystem-tutorial/

1. Make an AVG Rescue CD:


DO NOT allow it to delete or rename any files. (Do not do steps 16 and 17) Make a written list of any files it doesn't like and then pull out the CD and reboot.
  • 0
