Need help believe infected with Packed.Win32.Katusha.o/Doompack


#1
Vickyanne
Hi Geeks!
I acquired this desktop from an ex-roommate and it's a total mess. I have tried and tried unsuccessfully to clean it up and rid it of any viruses and malware myself...but to no avail. I hope I didn't make it worse. Many scans show it is clean, but the Kaspersky virus scan showed it to have Packed.Win32.Katusha.o / Doompack (System Volume Info-restore/A0051729.exe) or something similar. I am sure someone is using this computer remotely and might have been for a long time. I also got a message from Google saying that a lot of traffic is coming to them from my network IP address..?? I have found strange files and new user accounts created. I went ahead and scanned with OTL and found a topic that has similar infections, I believe, to this one....and also put in some custom scans that they were told to do. I am attaching the OTL logs (2) to this topic for your review. I am at my wits' end. I was just going to restore to factory settings, but I believe this computer was custom made....put together, whatever...and I'm not sure if that is an option.
I would appreciate any help you can give me. My homepage has been redirected, my desktop icons have changed, now my start page has a lot of the menu options gone, settings changed...etc. That is just to name a few of the issues lately.

I hope to be hearing back from you soon.

Have a great day and again...thanks for your help.

Vicky
Attached File  OTL.Txt   120.01KB   33 downloads
Attached File  Extras.Txt   57.2KB   54 downloads


OTL.txt

OTL logfile created on: 6/13/2012 8:40:54 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\SoSo\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.41% Memory free
3.85 Gb Paging File | 3.09 Gb Available in Paging File | 80.35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.13 Gb Total Space | 60.87 Gb Free Space | 65.36% Space Free | Partition Type: NTFS
Drive D: | 96.79 Gb Total Space | 42.53 Gb Free Space | 43.94% Space Free | Partition Type: NTFS

Computer Name: USER-3ECCF264AD | User Name: SoSo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/13 08:38:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SoSo\My Documents\Downloads\OTL.exe
PRC - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/04/25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/25 19:52:28 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll
MOD - [2012/04/25 19:52:26 | 007,422,352 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll
MOD - [2012/04/25 19:52:24 | 000,795,024 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll
MOD - [2012/04/25 19:52:24 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll
MOD - [2012/04/25 19:52:22 | 002,453,904 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll
MOD - [2012/04/25 19:52:22 | 002,126,224 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll
MOD - [2012/01/13 15:29:12 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2012/01/13 15:27:47 | 000,255,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\2e19ccefc30d7b827bab3f7d8dcc0ab9\SMDiagnostics.ni.dll
MOD - [2012/01/13 15:27:14 | 002,338,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bb748f8ef8c98eb5c7f79b8faee95397\System.Runtime.Serialization.ni.dll
MOD - [2012/01/13 15:27:10 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\be8c7482f1e78a3b4984af9082d455a7\System.IdentityModel.Selectors.ni.dll
MOD - [2012/01/13 15:27:09 | 001,056,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\94b2ca600c860c76e387f8bd317bd4c3\System.IdentityModel.ni.dll
MOD - [2012/01/13 06:34:37 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2012/01/13 06:34:25 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2010/07/08 00:52:44 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/07/08 00:52:42 | 002,307,688 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/11 20:49:19 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/04/25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/06/13 08:21:27 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{805E9C96-29FE-4B12-B2FF-8F8AB28F52E5}\MpKsl43912907.sys -- (MpKsl43912907)
DRV - [2012/06/13 04:21:28 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/05/26 21:21:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/26 21:20:34 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/07/09 20:56:00 | 004,449,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2005/02/10 08:07:50 | 000,456,448 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2001/08/17 07:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=UP62
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 F9 D5 9F 11 84 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0AC85DA3-F676-4817-9A20-654C4885E53D}: "URL" = http://www.bing.com/...ms}&FORM=IE0006
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-05-24 03:49:23&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9AB464EA-A402-4C8D-AA67-EE71759C60D1}: "URL" = http://www.google.co...1I7GGHP_enUS459
IE - HKCU\..\SearchScopes\{E24C359D-F307-4065-9B9C-234FA36F71E2}: "URL" = http://websearch.ask...3D-C670A62DE719
IE - HKCU\..\SearchScopes\{FF09B7BA-09C4-497B-B9CF-94826CCE9078}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...9:23&sap=ku&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/03 17:48:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/13 06:34:01 | 000,000,000 | ---D | M]

[2011/10/06 05:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SoSo\Application Data\Mozilla\Extensions
[2012/05/20 19:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SoSo\Application Data\Mozilla\Firefox\Profiles\x6c48ha1.default\extensions
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\SoSo\Application Data\Mozilla\Firefox\Profiles\x6c48ha1.default\searchplugins\askcom.xml
[2012/05/21 06:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/24 03:49:17 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\SoSo\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\SoSo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\SoSo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/13 05:02:03 | 000,000,901 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe (Lexmark)
O4 - HKCU..\Run: [AVG PC Tuneup] "C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe" -UseTray File not found
O4 - HKCU..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1337898210078 (MUCatalogWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C7AF108-4F09-403A-9FB3-0D1852113947}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F42A125B-D25A-470A-A2B8-3FC1966253AB}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\SoSo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SoSo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/05 00:48:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - BingBar 7.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/13 08:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/13 08:04:50 | 000,292,184 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\SoSo\My Documents\directx end user update.exe
[2012/06/13 08:03:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/06/13 07:54:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/06/13 07:38:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2012/06/13 07:35:47 | 000,000,000 | ---D | C] -- C:\c740877f19401f3d3c80bff8966ae53b
[2012/06/13 05:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Start Menu\Programs\Kaspersky Security Scan
[2012/06/13 05:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/06/13 05:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
[2012/06/13 04:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Desktop\RK_Quarantine
[2012/06/13 03:34:11 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/06/13 03:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/13 03:33:45 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/06/13 03:33:45 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/06/12 05:24:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos
[2012/06/12 05:24:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Pictures
[2012/06/12 05:19:00 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/06/12 05:17:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2012/06/12 05:17:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012/06/12 05:17:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Music
[2012/06/04 13:11:49 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys
[2012/06/04 13:11:49 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2012/06/04 13:09:50 | 000,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gagp30kx.sys
[2012/06/03 13:40:48 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2012/05/25 06:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\My Documents\Spybot - Search & Destroy
[2012/05/25 06:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\My Documents\Malwarebytes' Anti-Malware
[2012/05/25 05:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\My Documents\FirstClass
[2012/05/25 05:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\My Documents\Playlists that were shared
[2012/05/25 00:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Application Data\Windows Search
[2012/05/25 00:18:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Offline Web Pages
[2012/05/24 18:02:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2012/05/24 18:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Local Settings\Application Data\Microsoft Corporation
[2012/05/24 18:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2012/05/24 17:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Local Settings\Application Data\Identities
[2012/05/24 17:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Application Data\Windows Desktop Search
[2012/05/24 17:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2012/05/24 17:45:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/05/24 10:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/05/24 10:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2012/05/24 04:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Application Data\AVG
[2012/05/24 04:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2012/05/24 03:48:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2012/05/24 03:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2012
[2012/05/24 03:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/05/24 03:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2012/05/24 03:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Local Settings\Application Data\Sun
[2012/05/21 09:13:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Application Data\Malwarebytes
[2012/05/21 09:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2012/05/21 09:12:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/21 09:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Application Data\Oracle
[2012/05/21 09:07:16 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/05/21 09:07:16 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/05/15 07:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/15 07:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Application Data\ElevatedDiagnostics
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/13 08:28:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/13 08:23:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/13 08:22:42 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/06/13 08:12:51 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/06/13 08:11:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/13 08:04:50 | 000,292,184 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\SoSo\My Documents\directx end user update.exe
[2012/06/13 07:58:07 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/13 07:57:55 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/06/13 07:57:55 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1897051121-682003330-1005.job
[2012/06/13 07:57:55 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1897051121-682003330-1003.job
[2012/06/13 07:57:55 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1897051121-682003330-1006.job
[2012/06/13 07:57:55 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1897051121-682003330-1004.job
[2012/06/13 07:57:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/13 07:52:33 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 07:19:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/13 06:35:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/06/13 06:32:01 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/13 06:32:01 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2012/06/13 06:30:02 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\SoSo\Desktop\Shortcut to Downloads.lnk
[2012/06/13 05:20:08 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\SoSo\Desktop\Kaspersky Security Scan.lnk
[2012/06/13 05:02:03 | 000,000,901 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/13 04:31:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\tasks\hpwebreg_CN16K21J9F05D2.job
[2012/06/13 04:21:28 | 000,014,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/06/13 03:28:23 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\SoSo\Desktop\Windows Media Player.lnk
[2012/06/12 05:24:44 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/06/12 05:18:55 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/06/12 05:18:55 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/06/12 05:17:47 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012/06/11 23:01:42 | 000,233,808 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/06/11 23:01:42 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/06/11 23:01:41 | 000,233,804 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/06/11 22:48:19 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\SoSo\Desktop\Malwarebytes Anti-Malware (2).lnk
[2012/06/11 20:49:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/11 20:49:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/11 12:38:06 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/06/09 12:16:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1897051121-682003330-1005.job
[2012/06/07 20:40:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1897051121-682003330-1004.job
[2012/06/06 17:23:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1897051121-682003330-1006.job
[2012/06/06 16:13:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1897051121-682003330-1003.job
[2012/05/31 08:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/25 06:39:21 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2012/05/25 06:39:21 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2012/05/25 05:22:03 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\SoSo\My Documents\Default.rdp
[2012/05/24 18:18:51 | 000,084,599 | ---- | M] () -- C:\Documents and Settings\SoSo\My Documents\windows updgrade advisor to windows7.mht
[2012/05/24 17:45:34 | 000,457,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/24 17:45:34 | 000,075,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/24 16:14:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/24 11:05:08 | 000,442,832 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120524-132832.backup
[2012/05/24 10:40:00 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/24 06:30:36 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\SoSo\My Documents\infections.csv
[2012/05/21 09:12:58 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/21 08:22:12 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\SoSo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/21 01:03:46 | 000,000,500 | ---- | M] () -- C:\WINDOWS\tasks\hpwebreg_xxxxxxxxxx.job
[2012/05/15 19:06:50 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/05/15 19:06:42 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/05/15 08:20:33 | 001,863,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/05/15 08:20:33 | 001,863,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/13 08:22:42 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/13 08:22:42 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/06/13 08:12:43 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/13 07:58:07 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\SoSo\Start Menu\Programs\Internet Explorer.lnk
[2012/06/13 06:32:01 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/13 06:32:01 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/13 06:32:00 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2012/06/13 06:30:02 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\SoSo\Desktop\Shortcut to Downloads.lnk
[2012/06/13 05:20:17 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\SoSo\Desktop\Kaspersky Security Scan.lnk
[2012/06/13 04:21:28 | 000,014,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/06/13 03:28:23 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\SoSo\Desktop\Windows Media Player.lnk
[2012/06/12 05:24:44 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/06/12 05:23:45 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\SoSo\Start Menu\Programs\Windows Media Player.lnk
[2012/06/12 05:17:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012/06/11 22:48:19 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\SoSo\Desktop\Malwarebytes Anti-Malware (2).lnk
[2012/05/25 06:39:21 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2012/05/25 06:39:20 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2012/05/25 05:22:03 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\SoSo\My Documents\Default.rdp
[2012/05/25 00:32:05 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/24 18:18:51 | 000,084,599 | ---- | C] () -- C:\Documents and Settings\SoSo\My Documents\windows updgrade advisor to windows7.mht
[2012/05/24 10:40:00 | 000,000,961 | ---- | C] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/24 06:30:36 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\SoSo\My Documents\infections.csv
[2012/05/21 09:12:58 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/21 01:03:46 | 000,000,500 | ---- | C] () -- C:\WINDOWS\tasks\hpwebreg_xxxxxxxxxx.job
[2012/02/25 20:09:00 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\SoSo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/25 12:47:51 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ament.ini
[2011/11/04 09:12:23 | 000,000,126 | ---- | C] () -- C:\WINDOWS\_delis43.ini
[2011/10/15 15:30:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/14 16:13:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/12 04:22:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/29 00:40:51 | 000,011,952 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\w38r43d256106t
[2011/01/03 12:08:37 | 000,233,804 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/03 12:08:33 | 000,233,808 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/03 12:08:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/03 12:08:05 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/12/31 12:52:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/12/31 12:47:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/31 06:19:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/12/31 06:16:51 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/10 06:38:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/05 00:45:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS11\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/05 00:45:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS11\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS12\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS12\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS11\ServicePackFiles\i386\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS11\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\backup\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS11\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/05 00:45:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS11\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/05 00:45:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS11\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS12\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS12\system32\drivers\atapi.sys
[2001/08/23 10:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS11\$NtServicePackUninstall$\atapi.sys
[2001/08/23 10:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS11\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS11\ServicePackFiles\i386\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS11\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\backup\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS11\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS12\system32\dllcache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS12\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS11\ServicePackFiles\i386\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS11\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\backup\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS11\system32\eventlog.dll
[2001/08/23 10:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\WINDOWS11\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS12\system32\dllcache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS12\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS11\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS11\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS11\ServicePackFiles\i386\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS11\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\backup\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS11\system32\netlogon.dll
[2001/08/23 10:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\WINDOWS11\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/06/28 18:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for XP2000v457.zip\XP2000\W2K_XP\IDE\Win2K\sata_ide\nvata.sys
[2006/06/28 18:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for XP2000v457.zip\XP2000\W2K_XP\IDE\WinXP\sata_ide\nvata.sys
[2006/06/28 18:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for XP2000v457.zip\XP2000\W2K_XP\IDE\Win2K\sata_ide\nvata.sys
[2006/06/28 18:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for XP2000v457.zip\XP2000\W2K_XP\IDE\WinXP\sata_ide\nvata.sys
[2006/06/28 18:38:00 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\Documents and Settings\Owner\My Documents\XP2000\W2K_XP\IDE\Win2K\sata_ide\nvata.sys
[2006/06/28 18:38:00 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\Documents and Settings\Owner\My Documents\XP2000\W2K_XP\IDE\WinXP\sata_ide\nvata.sys
[2006/06/28 04:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\WINDOWS11\system32\drivers\nvata.sys
[2006/06/28 18:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\WINDOWS12\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006/06/28 18:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for XP2000v457.zip\XP2000\W2K_XP\IDE\Win2K\sataraid\nvatabus.sys
[2006/06/28 18:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for XP2000v457.zip\XP2000\W2K_XP\IDE\WinXP\sataraid\nvatabus.sys
[2006/06/28 18:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for XP2000v457.zip\XP2000\W2K_XP\IDE\Win2K\sataraid\nvatabus.sys
[2006/06/28 18:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for XP2000v457.zip\XP2000\W2K_XP\IDE\WinXP\sataraid\nvatabus.sys
[2006/06/28 18:38:00 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\Documents and Settings\Owner\My Documents\XP2000\W2K_XP\IDE\Win2K\sataraid\nvatabus.sys
[2006/06/28 18:38:00 | 000,105,088 | ---- | M] (NVIDIA Corporation) MD5=9ECCD189A9554C30A0D18A429778C7BA -- C:\Documents and Settings\Owner\My Documents\XP2000\W2K_XP\IDE\WinXP\sataraid\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS11\ServicePackFiles\i386\scecli.dll
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS11\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\backup\scecli.dll
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS11\system32\scecli.dll
[2001/08/23 10:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\WINDOWS11\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS12\system32\dllcache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS12\system32\scecli.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-28 08:01:16

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B4227B4

< End of report >


Extras.txt

OTL Extras logfile created on: 6/13/2012 8:40:54 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\SoSo\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.41% Memory free
3.85 Gb Paging File | 3.09 Gb Available in Paging File | 80.35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.13 Gb Total Space | 60.87 Gb Free Space | 65.36% Space Free | Partition Type: NTFS
Drive D: | 96.79 Gb Total Space | 42.53 Gb Free Space | 43.94% Space Free | Partition Type: NTFS

Computer Name: USER-3ECCF264AD | User Name: SoSo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{F4B1B985-F308-4DBA-BFD7-CCCB8839234B}" = HP Deskjet 1000 J110 series Basic Device Software
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"ie8" = Windows Internet Explorer 8
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/12/2012 3:22:15 AM | Computer Name = USER-3ECCF264AD | Source = MSSHA | ID = 1003
Description = The Windows Security Health Agent could not be initialized. Failure
Code: 80070424.

Error - 6/12/2012 6:23:00 AM | Computer Name = USER-3ECCF264AD | Source = MSSHA | ID = 1003
Description = The Windows Security Health Agent could not be initialized. Failure
Code: 80070424.

Error - 6/13/2012 4:23:37 AM | Computer Name = USER-3ECCF264AD | Source = MSSHA | ID = 1003
Description = The Windows Security Health Agent could not be initialized. Failure
Code: 80070424.

Error - 6/13/2012 6:13:44 AM | Computer Name = USER-3ECCF264AD | Source = MSSHA | ID = 1003
Description = The Windows Security Health Agent could not be initialized. Failure
Code: 80070424.

Error - 6/13/2012 6:35:03 AM | Computer Name = USER-3ECCF264AD | Source = MSSHA | ID = 1003
Description = The Windows Security Health Agent could not be initialized. Failure
Code: 80070424.

Error - 6/13/2012 8:52:42 AM | Computer Name = USER-3ECCF264AD | Source = MSSHA | ID = 1003
Description = The Windows Security Health Agent could not be initialized. Failure
Code: 80070424.

Error - 6/13/2012 8:57:39 AM | Computer Name = USER-3ECCF264AD | Source = MSSHA | ID = 1003
Description = The Windows Security Health Agent could not be initialized. Failure
Code: 80070424.

Error - 6/13/2012 9:12:04 AM | Computer Name = USER-3ECCF264AD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 6/13/2012 9:17:38 AM | Computer Name = USER-3ECCF264AD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x8050a003, P2 mpupdateengine, P3 am fe,
P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1526.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

Error - 6/13/2012 9:34:06 AM | Computer Name = USER-3ECCF264AD | Source = Microsoft Security Client | ID = 5000
Description =

[ System Events ]
Error - 6/13/2012 8:57:41 AM | Computer Name = USER-3ECCF264AD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/13/2012 8:57:41 AM | Computer Name = USER-3ECCF264AD | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 6/13/2012 9:12:53 AM | Computer Name = USER-3ECCF264AD | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852

Source
Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description:
The specified service does not exist as an installed service.

Error - 6/13/2012 9:13:42 AM | Computer Name = USER-3ECCF264AD | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852

Source
Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description:
The specified service does not exist as an installed service.

Error - 6/13/2012 9:18:11 AM | Computer Name = USER-3ECCF264AD | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.127.1891.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8403.0 Error code: 0x8050a003 Error description: This
package does not contain up-to-date definition files for this program. For more
information, see Help and Support.

Error - 6/13/2012 9:18:11 AM | Computer Name = USER-3ECCF264AD | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.127.1891.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8403.0 Error code: 0x8050a003 Error description: This
package does not contain up-to-date definition files for this program. For more
information, see Help and Support.

Error - 6/13/2012 9:18:11 AM | Computer Name = USER-3ECCF264AD | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.127.1891.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8403.0 Error code: 0x8050a003 Error description: This
package does not contain up-to-date definition files for this program. For more
information, see Help and Support.

Error - 6/13/2012 9:18:11 AM | Computer Name = USER-3ECCF264AD | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.127.1891.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8403.0 Error code: 0x8050a003 Error description: This
package does not contain up-to-date definition files for this program. For more
information, see Help and Support.

Error - 6/13/2012 9:18:11 AM | Computer Name = USER-3ECCF264AD | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.127.1891.0 Update Source: %%851 Update Stage:
%%854 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8403.0 Error code: 0x8050a003 Error description: This
package does not contain up-to-date definition files for this program. For more
information, see Help and Support.

Error - 6/13/2012 9:35:17 AM | Computer Name = USER-3ECCF264AD | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 7469 minutes. NtpClient has no source of accurate
time.


< End of report >

Edited by Vickyanne, 13 June 2012 - 08:49 AM.
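A triage pass over the Extras report above, as an added example that is not part of this thread or of OTL: it splits an OTL Extras log into its sections and flags what a helper reads first, namely shell verbs left without a command or pointing somewhere other than the Windows XP default, Security Center monitoring switched off, globally opened firewall ports, and event IDs that keep recurring (MSSHA 1003 with code 80070424). The sample log is constructed from lines of the report above; the section names and the default handler commands are assumptions about an XP system.

```python
"""Triage an OTL Extras report (added example; not OTL's own code)."""
import re
from collections import Counter

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
SHELL_RE = re.compile(r"^(\S+) \[(\w+)\] -- (.*)$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')
EVENT_RE = re.compile(r"^Error - .+? \| Computer Name = .+? \| Source = (.+?) \| ID = (\d+)$")

# XP default handlers for executable types (assumption). Any other command means the
# association was redirected so something else runs before the real program.
EXPECTED_SHELL = {(k, "open"): '"%1" %*' for k in ("exefile", "comfile", "batfile", "cmdfile", "piffile")}

# Constructed sample built from lines of the Extras report in this thread.
SAMPLE_LOG = r"""
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
========== Last 20 Event Log Errors ==========
Error - 6/12/2012 3:22:15 AM | Computer Name = USER-3ECCF264AD | Source = MSSHA | ID = 1003
Description = The Windows Security Health Agent could not be initialized. Failure
Error - 6/12/2012 6:23:00 AM | Computer Name = USER-3ECCF264AD | Source = MSSHA | ID = 1003
Error - 6/13/2012 4:23:37 AM | Computer Name = USER-3ECCF264AD | Source = MSSHA | ID = 1003
Error - 6/13/2012 9:12:04 AM | Computer Name = USER-3ECCF264AD | Source = MPSampleSubmission | ID = 5000
"""


def split_sections(text):
    """Map each '========== Name ==========' header to the stripped lines under it."""
    sections, name = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            name = m.group(1)
            sections[name] = []
        elif name is not None:
            sections[name].append(line.strip())
    return sections


def iter_values(lines):
    """Yield (registry key, value name, data) for each "name" = data line."""
    key = None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2).strip()


def check_shell_spawning(lines):
    """Flag verbs with no command (Reg Error) or a command unlike the XP default."""
    findings = []
    for line in lines:
        m = SHELL_RE.match(line)
        if not m:
            continue
        key, verb, cmd = m.groups()
        if cmd.startswith("Reg Error"):
            findings.append(f"shell: {key} [{verb}] has no command ({cmd})")
        elif EXPECTED_SHELL.get((key, verb), cmd) != cmd:
            findings.append(f"shell: {key} [{verb}] redirected to: {cmd}")
    return findings


def check_security_center(lines):
    findings = []
    for key, name, data in iter_values(lines):
        if name == "DisableMonitoring" and data == "1":
            findings.append("security center: monitoring disabled for " + key.rsplit("\\", 1)[-1])
    return findings


def check_firewall(lines):
    findings = []
    for key, name, data in iter_values(lines):
        if key.endswith("GloballyOpenPorts\\List"):
            fields = data.split(":")  # port:protocol:scope:state:description
            state = fields[3] if len(fields) > 3 else "?"
            findings.append(f"firewall: global port rule {name} ({state})")
    return findings


def check_events(lines, min_repeats=3):
    """Flag (source, id) pairs that keep recurring instead of one-off errors."""
    counts = Counter()
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            counts[m.groups()] += 1
    return [f"events: {src} ID {eid} seen {n}x" for (src, eid), n in sorted(counts.items()) if n >= min_repeats]


def triage(text):
    s = split_sections(text)
    out = check_shell_spawning(s.get("Shell Spawning", []))
    out += check_security_center(s.get("Security Center Settings", []))
    out += check_firewall(s.get("Firewall Settings", []))
    return out + check_events(s.get("Last 20 Event Log Errors", []))
```

Run `triage(open("Extras.txt").read())` against a full Extras report; the "Reg Error" findings explain why http/https links and .reg files fail on this machine, while "redirected" findings are the ones worth raising in the thread.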



#2
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello Vickyanne and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.


#3
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi Vickyanne,

My homepage has been redirected

Can you tell me to which website? OTL shows your homepage is google.com on IE and Firefox.

# Step 1 #

Please reopen OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\SearchScopes\{E24C359D-F307-4065-9B9C-234FA36F71E2}: "URL" = http://websearch.ask...3D-C670A62DE719
    FF - prefs.js..browser.search.order.1: "Ask.com"
    
    :Commands
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

# Step 2 #

Download aswMBR.exe (4.8 MB) to your desktop.

Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


# Step 3 #

Please reopen Malwarebytes' Anti-Malware.

  • Go to the tab Updates and click on Download Update. If there's an update, allow MBAM to update its database.
  • Now, click on the tab Verify and select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.


#4
Vickyanne

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Whitehat!
Thanks for your help. I am copying and pasting the logs you requested below. I wanted to let you know a few other things that I have been encountering.

1. My homepage was being redirected to the AVG search homepage. Right now it is going to google.com but it is supposed to go to my iGoogle.com page.

2. The Malwarebytes scan showed no infections...but I believe I still have someone using this computer remotely.

3. I am still not able to put my firewall to automatic updates.

4. Sometimes when I go to google.com, I get the following message:
*****Our systems have detected unusual traffic from your computer network. Please try your request again later. Why did this happen?

This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the Terms of Service. The block will expire shortly after those requests stop.

This traffic may have been sent by malicious software, a browser plug-in, or a script that sends automated requests. If you share your network connection, ask your administrator for help — a different computer using the same IP address may be responsible.
Check for malware on your computer.
Malicious software, sometimes bundled with other free downloads without your knowledge, can trigger Google to show this message. Visit our security information site for some well-known programs that can detect and remove such applications.
If the suggested programs don't resolve the problem, you might want to try an advanced troubleshooting program such as HijackThis.
Advanced troubleshooting: HijackThis
HijackThis lets you view programs installed on your computer and easily remove malicious ones.
We're not affiliated with HijackThis and cannot vouch for it ourselves; however, many of our users have found it helpful. If you'd like to try HijackThis, please visit http://www.download....4-10227353.html for instructions on installing and using this program.
After scanning your computer using HijackThis, analyze the generated log to determine which programs to remove.
Deleting legitimate lines in your HijackThis log can have adverse effects on your computer, so please exercise caution.
After using HijackThis, we suggest that you update and run the three applications listed below again. Although you've already run these programs, doing so after using HijackThis often exposes additional files.
Lavasoft Ad-Aware
Spybot Search and Destroy
MacScan (for Mac users)
Contact your network administrator.
If you tried the steps above and haven't resolved the issue, it's very likely that a user or a computer in your network is sending automated traffic to Google. Your network administrator may be able to locate and shut down the source of the automated traffic; feel free to refer them to this page. Sending automated queries of any sort to Google is against our Terms of Service. This includes, among other things, the following activities:
Using any software that sends queries to Google to determine how a website or webpage ranks on Google for various queries
'Meta-searching' Google
Performing 'offline' searches on Google
Once the automated traffic has stopped, the ban on your IP address should be automatically lifted.
If the problem persists, your network administrator should contact us.
If your network continues to experience this message in error, please send us additional information.

Sometimes you may see this page if you are using advanced terms that robots are known to use, or sending requests very quickly.

5. I also had a proxy that showed up on my desktop after doing a scan. Now it has disappeared.

6. My desktop icons change randomly or disappear. When I go to my documents, administrative tools, etc. now...there is nothing there. Many of my files have disappeared and I believe some programs as well.

7. My sound is not working either and the option to put it back active is not there either. When I go to Sound and Audio Device properties it says no audio device. I have gone to hardware to try and activate it but it doesn't work.

8. My latest scan showed a trojan/Java/Mesdah.A, C, and D which was removed.

9. I did have AVG as my scheduled antivirus but uninstalled it to try the trial version of Kaspersky's Internet Security. Their Kaspersky Security Scan is the one that reported the Packed.Win32.Katusha.o viruses. After doing their free scan, I was going to try their trial version, but it would not let me install it completely.

10. In the meantime I added Microsoft Internet Security to monitor daily and it found the Mesdah viruses and removed them. But now I can't update the Microsoft Internet Security. It said my internet connection failed but I am connected. And it gave me error code: #0x80070424.

11. There are additional user accounts on here. There is the administrator account, administrator.user-1BF4E7E8D5, administrator.user-3ECCF264AD, All Users, All users.windows, All users.windows1, owner, and Soso. These are under my Documents and Settings folder. When I go to the C drive here is what is listed: Windows file, Windowsll, Windows12, c740877f19401f3d3c80bff8966ae53b, a9730a9d104e3afd9f8f, b0f523229ec0985c44, eprint Mobil, besides the Logs and program files.
Under these are all kinds of DLL files that have been created, and bunches and bunches of other files that I know are not files that are supposed to be on here (DAT files, cache files, setup files, tmp files... I could go on and on).

So I hope I am covering everything. Like I said... I don't know what to do anymore.
Any help at all would be appreciated more than you know.

I am now copying and pasting the logs you requested below. Hope to hear back from you soon.

Logs:

OTL newest log:

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E24C359D-F307-4065-9B9C-234FA36F71E2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E24C359D-F307-4065-9B9C-234FA36F71E2}\ not found.
Prefs.js: "Ask.com" removed from browser.search.order.1
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.48.0 log created on 06142012_001204


aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-14 00:22:10
-----------------------------
00:22:10.125 OS Version: Windows 5.1.2600 Service Pack 3
00:22:10.125 Number of processors: 2 586 0x6B02
00:22:10.125 ComputerName: USER-3ECCF264AD UserName: SoSo
00:22:13.062 Initialize success
00:24:07.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
00:24:07.140 Disk 0 Vendor: Maxtor_6V200E0 VA111630 Size: 194481MB BusType: 3
00:24:07.156 Disk 0 MBR read successfully
00:24:07.156 Disk 0 MBR scan
00:24:07.156 Disk 0 Windows XP default MBR code
00:24:07.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95362 MB offset 63
00:24:07.156 Disk 0 Partition - 00 0F Extended LBA 99111 MB offset 195302205
00:24:07.171 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99111 MB offset 195302268
00:24:07.171 Disk 0 scanning sectors +398283480
00:24:07.234 Disk 0 scanning C:\WINDOWS\system32\drivers
00:24:11.000 Service scanning
00:24:14.703 Service MpKsl694040a0 c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EEB771A0-F4F0-4BDB-99D2-BA9A0D430FD4}\MpKsl694040a0.sys **LOCKED** 32
00:24:18.812 Modules scanning
00:24:27.109 Disk 0 trace - called modules:
00:24:27.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:24:27.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a700ab8]
00:24:27.125 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000063[0x8a7861a8]
00:24:27.125 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x8a74bd98]
00:24:27.125 Scan finished successfully
00:25:27.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\SoSo\Desktop\MBR.dat"
00:25:27.515 The log file has been saved successfully to "C:\Documents and Settings\SoSo\Desktop\aswMBR.txt"


Malwarebytes log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.14.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
SoSo :: USER-3ECCF264AD [administrator]

6/14/2012 12:31:03 AM
mbam-log-2012-06-14 (00-31-03).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 769726
Time elapsed: 2 hour(s), 3 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0

Files Detected: 0
(No malicious items detected)

(end)

Let me know what to do next and what you think is going on.

I appreciate it very much and hope you're having a great Friday!

Vicky
  • 0

#5
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

7. My sound is not working either and the option to put it back active is not there either. When I go to Sound and Audio Device properties it says no audio device. I have gone to hardware to try and activate it but it doesn't work.

You will probably need to reinstall the audio driver.

You said that you installed a lot of security software. If you have more than one antivirus installed on your computer, uninstall all but one. Having more than one antivirus installed brings no benefit to computer security. Besides, they can compete with each other for system resources. More than one AV running has been known to produce false positives, and you end up with less protection.

1. My homepage was being redirected to the AVG search homepage. Right now it is going to google.com, but it is supposed to go to my Igoogle.com page.

This happens because you installed AVG software. I can remove AVG Safe Search; just let me know.

# Step 1 #

Please download Farbar Service Scanner and run it on the computer.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



# Step 2 #
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post all RKreport.txt text files located on your desktop.

# Step 3 #

Please reopen OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

# Step 4 #

  • Run the OTL.exe. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window containing OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic

  • 0

#6
Vickyanne

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Good Evening Whitehat~

Completed all tasks requested. I will copy and paste the logs below. I am only running Microsoft Security Essentials... but I have just noticed the icon is not in my quick launch window any longer. Also, when I click on the Sound (my roommate got on here and messed with the sound and apparently installed a driver and/or sound card (Realtek)), there are now two volume widgets in my quick launch. When I click on the Realtek sound widget to expand, the other widgets are very large... they look different. I think she also downloaded a YouTube downloader as well. I told her not to do anything until everything is all fixed. I am sorry about that. I noticed the changes, and some of what she did might have made some more issues. Also, regarding the antivirus... at one time I had seen something about Windows Defender on here. I am aware you cannot run more than one antivirus on here. I should only have MS Security Essentials and Malwarebytes on demand and Spybot on demand. I didn't want to change or add anything until I receive the "all clean" status from you. I have tried to check if Windows Defender is running on here or not, or any other antivirus program in the background... but of course with this thing all infected, it probably wouldn't bring everything up for me anyway.

Just with what has been done already I have noticed some good changes. I really appreciate your help and I am now copying and pasting the logs you requested. I will stand by until I hear from you further.

Thank you again!!

Vicky

FSS log:

Farbar Service Scanner Version: 19-06-2012 01
Ran by SoSo (administrator) on 19-06-2012 at 17:44:42
Running from "C:\Documents and Settings\SoSo\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****

RK Log(1):

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: SoSo [Admin rights]
Mode: Scan -- Date: 06/19/2012 17:52:28

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6V200E0 +++++
--- User ---
[MBR] 8d4201c52fd119a571622c29411bded8
[BSP] 172eaaf6b47f704e646bef9a84d89d38 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 95362 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 195302205 | Size: 99111 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


RK log(2):

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: SoSo [Admin rights]
Mode: Shortcuts HJfix -- Date: 06/19/2012 17:57:34

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 15 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 92 / Fail 0
My documents: Success 296 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 2060 / Fail 0
Backup: [NOT FOUND]

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


OTL log (custom scan):

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Administrator.USER-1BF4E7E8D5
->Temporary Internet Files folder emptied: 204550 bytes
->FireFox cache emptied: 12340987 bytes
->Flash cache emptied: 456 bytes

User: Administrator.USER-3ECCF264AD

User: All Users

User: All Users.WINDOWS

User: All Users.WINDOWS1

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6025679 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 62724 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 1646386 bytes
->Temporary Internet Files folder emptied: 75030218 bytes

User: Owner
->Temp folder emptied: 370540606 bytes
->Temporary Internet Files folder emptied: 400090162 bytes
->Java cache emptied: 40148705 bytes
->FireFox cache emptied: 140832144 bytes
->Flash cache emptied: 147526 bytes

User: SoSo
->Temp folder emptied: 88833552 bytes
->Temporary Internet Files folder emptied: 41640204 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 263240035 bytes
->Google Chrome cache emptied: 594288 bytes
->Flash cache emptied: 1521 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 136324 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 71766 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,377.00 mb


OTL by OldTimer - Version 3.2.48.0 log created on 06192012_180400

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL.exe all users log:

OTL logfile created on: 6/19/2012 6:21:13 PM - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\SoSo\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.22% Memory free
3.85 Gb Paging File | 3.39 Gb Available in Paging File | 88.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.13 Gb Total Space | 58.73 Gb Free Space | 63.06% Space Free | Partition Type: NTFS
Drive D: | 96.79 Gb Total Space | 42.53 Gb Free Space | 43.94% Space Free | Partition Type: NTFS

Computer Name: USER-3ECCF264AD | User Name: SoSo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2012/06/13 08:38:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SoSo\My Documents\Downloads\OTL.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | R-S- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/15 11:36:45 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/15 11:35:16 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cd9c60a35d4958e94d2e3dd2f778e2e9\System.IdentityModel.Selectors.ni.dll
MOD - [2012/06/15 11:35:12 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll
MOD - [2012/06/15 11:34:37 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
MOD - [2012/06/15 11:34:32 | 001,070,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
MOD - [2012/06/15 11:26:20 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/06/15 11:26:06 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/06/11 20:49:19 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/06/19 16:28:29 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E23D2437-53BA-4EBB-85EA-2EC0A0C0D543}\MpKsl4ee3abe4.sys -- (MpKsl4ee3abe4)
DRV - [2012/06/15 21:08:01 | 000,032,072 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/05/31 17:24:14 | 006,126,736 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/05/26 21:21:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/26 21:20:34 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2005/02/10 08:07:50 | 000,456,448 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2001/08/17 07:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=UP62
IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 F9 D5 9F 11 84 CC 01 [binary data]
IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\..\SearchScopes,DefaultScope = {9AB464EA-A402-4C8D-AA67-EE71759C60D1}
IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\..\SearchScopes\{0AC85DA3-F676-4817-9A20-654C4885E53D}: "URL" = http://www.bing.com/...ms}&FORM=IE0006
IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\..\SearchScopes\{6642468D-A292-49BC-8B60-B1C5E5B6B37D}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-05-24 03:49:23&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\..\SearchScopes\{9AB464EA-A402-4C8D-AA67-EE71759C60D1}: "URL" = http://www.google.co...1I7GGHP_enUS459
IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.startup.homepage: "http://www.igoogle.com"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...9:23&sap=ku&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/03 17:48:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/13 06:34:01 | 000,000,000 | ---D | M]

[2011/10/06 05:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SoSo\Application Data\Mozilla\Extensions
[2012/06/13 23:27:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SoSo\Application Data\Mozilla\Firefox\Profiles\x6c48ha1.default\extensions
[2012/06/13 23:27:00 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\SoSo\Application Data\Mozilla\Firefox\Profiles\x6c48ha1.default\extensions\[email protected]
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\SoSo\Application Data\Mozilla\Firefox\Profiles\x6c48ha1.default\searchplugins\askcom.xml
[2012/05/21 06:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/13 23:27:00 | 000,525,301 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SOSO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\X6C48HA1.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/24 03:49:17 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\SoSo\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\SoSo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\SoSo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/13 05:02:03 | 000,000,901 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-842925246-1897051121-682003330-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-1897051121-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-842925246-1897051121-682003330-1006\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1337898210078 (MUCatalogWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F42A125B-D25A-470A-A2B8-3FC1966253AB}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\SoSo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SoSo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/05 00:48:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/19 17:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
[2012/06/19 17:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Security Task Manager
[2012/06/19 17:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/06/17 10:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Application Data\Search Settings
[2012/06/17 10:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2012/06/17 10:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012/06/17 10:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012/06/17 10:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\YTD YouTube Downloader & Converter
[2012/06/17 10:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\YTD YouTube Downloader & Converter
[2012/06/17 09:13:08 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2012/06/17 09:13:04 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2012/06/17 09:12:56 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2012/06/16 01:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
[2012/06/16 01:37:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SoSo\Recent
[2012/06/15 22:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/06/15 22:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Start Menu\Programs\Revo Uninstaller
[2012/06/15 21:24:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
[2012/06/14 00:12:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/13 11:15:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\PIF
[2012/06/13 08:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/13 07:54:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2012/06/13 07:38:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2012/06/13 07:35:47 | 000,000,000 | ---D | C] -- C:\c740877f19401f3d3c80bff8966ae53b
[2012/06/13 04:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Desktop\RK_Quarantine
[2012/06/12 05:24:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos
[2012/06/12 05:24:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Pictures
[2012/06/12 05:17:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2012/06/12 05:17:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012/06/12 05:17:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Music
[2012/05/25 06:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\My Documents\Spybot - Search & Destroy
[2012/05/25 06:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\My Documents\Malwarebytes' Anti-Malware
[2012/05/25 05:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\My Documents\FirstClass
[2012/05/25 05:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\My Documents\Playlists that were shared
[2012/05/25 00:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Application Data\Windows Search
[2012/05/25 00:18:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Offline Web Pages
[2012/05/24 18:02:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2012/05/24 18:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Local Settings\Application Data\Microsoft Corporation
[2012/05/24 18:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2012/05/24 17:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Local Settings\Application Data\Identities
[2012/05/24 17:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Application Data\Windows Desktop Search
[2012/05/24 17:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2012/05/24 17:45:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/05/24 10:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/05/24 10:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2012/05/24 04:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Application Data\AVG
[2012/05/24 04:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2012/05/24 03:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2012/05/24 03:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2012
[2012/05/24 03:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/05/24 03:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2012/05/24 03:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Local Settings\Application Data\Sun
[2012/05/21 09:13:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Application Data\Malwarebytes
[2012/05/21 09:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2012/05/21 09:12:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/21 09:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SoSo\Application Data\Oracle

========== Files - Modified Within 30 Days ==========

[2012/06/19 18:16:25 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/06/19 18:16:25 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1897051121-682003330-1005.job
[2012/06/19 18:16:25 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1897051121-682003330-1003.job
[2012/06/19 18:16:25 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1897051121-682003330-1006.job
[2012/06/19 18:16:25 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1897051121-682003330-1004.job
[2012/06/19 18:16:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/19 18:16:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/19 18:14:21 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/19 17:59:42 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\SoSo\Desktop\Shortcut to OTL.lnk
[2012/06/19 17:28:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/17 14:35:00 | 000,000,580 | ---- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/06/17 11:05:38 | 005,731,741 | ---- | M] () -- C:\Documents and Settings\SoSo\My Documents\Kip Moore - Somethin' 'Bout A Truck.mp3
[2012/06/17 10:54:40 | 007,548,314 | ---- | M] () -- C:\Documents and Settings\SoSo\My Documents\Billy Currington - People Are Crazy.mp3
[2012/06/17 10:51:04 | 006,721,944 | ---- | M] () -- C:\Documents and Settings\SoSo\My Documents\Take a Back Road -Rodney Atkins.mp3
[2012/06/17 10:35:36 | 006,150,552 | ---- | M] () -- C:\Documents and Settings\SoSo\My Documents\Eric Church - Smoke A Little Smoke.mp3
[2012/06/17 10:31:53 | 006,162,839 | ---- | M] () -- C:\Documents and Settings\SoSo\My Documents\Dierks Bentley-Am I The Only One (New Single) March 2011.mp3
[2012/06/17 10:23:29 | 005,792,663 | ---- | M] () -- C:\Documents and Settings\SoSo\My Documents\Drink in My Hand - Eric Church.mp3
[2012/06/17 10:15:06 | 007,820,378 | ---- | M] () -- C:\Documents and Settings\SoSo\My Documents\Drink in My Hand - Eric Church.flv
[2012/06/17 10:11:05 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\YTD YouTube Downloader & Converter.lnk
[2012/06/17 04:31:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\tasks\hpwebreg_CN16K21J9F05D2.job
[2012/06/16 12:16:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1897051121-682003330-1005.job
[2012/06/15 23:17:21 | 001,358,959 | ---- | M] () -- C:\Documents and Settings\SoSo\Desktop\Revo Uninstaller Help.pdf
[2012/06/15 22:48:35 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\SoSo\Desktop\Revo Uninstaller.lnk
[2012/06/15 21:52:01 | 000,003,739 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/15 21:08:01 | 000,032,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/15 18:35:55 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\SoSo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/15 11:32:25 | 000,457,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/15 11:32:25 | 000,075,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/15 09:32:08 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\SoSo\My Documents\register.bat
[2012/06/15 09:32:08 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\SoSo\Desktop\register.bat
[2012/06/14 20:40:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1897051121-682003330-1004.job
[2012/06/14 00:25:27 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\SoSo\My Documents\MBR.dat
[2012/06/14 00:25:27 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\SoSo\Desktop\MBR.dat
[2012/06/13 08:12:51 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/06/13 07:58:07 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/13 07:52:33 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 06:32:01 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/13 06:32:01 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2012/06/13 06:30:02 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\SoSo\Desktop\Shortcut to Downloads.lnk
[2012/06/13 05:02:03 | 000,000,901 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/13 03:28:23 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\SoSo\Desktop\Windows Media Player.lnk
[2012/06/12 05:24:44 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/06/12 05:18:55 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/06/12 05:18:55 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/06/12 05:17:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012/06/11 23:01:42 | 000,233,808 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/06/11 23:01:42 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/06/11 23:01:41 | 000,233,804 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/06/11 22:48:19 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\SoSo\Desktop\Malwarebytes Anti-Malware (2).lnk
[2012/06/11 12:38:06 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/06/06 17:23:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1897051121-682003330-1006.job
[2012/06/06 16:13:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1897051121-682003330-1003.job
[2012/05/25 06:39:21 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2012/05/25 06:39:21 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2012/05/25 05:22:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\SoSo\My Documents\Default.rdp
[2012/05/24 18:18:51 | 000,084,599 | ---- | M] () -- C:\Documents and Settings\SoSo\My Documents\windows updgrade advisor to windows7.mht
[2012/05/24 16:14:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/24 11:05:08 | 000,442,832 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120524-132832.backup
[2012/05/24 10:40:00 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/24 06:30:36 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\SoSo\My Documents\infections.csv
[2012/05/21 09:12:58 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/21 01:03:46 | 000,000,500 | ---- | M] () -- C:\WINDOWS\tasks\hpwebreg_xxxxxxxxxx.job

========== Files Created - No Company Name ==========

[2012/06/19 17:59:42 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\SoSo\Desktop\Shortcut to OTL.lnk
[2012/06/19 16:27:28 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/17 11:05:11 | 005,731,741 | ---- | C] () -- C:\Documents and Settings\SoSo\My Documents\Kip Moore - Somethin' 'Bout A Truck.mp3
[2012/06/17 10:54:23 | 007,548,314 | ---- | C] () -- C:\Documents and Settings\SoSo\My Documents\Billy Currington - People Are Crazy.mp3
[2012/06/17 10:50:48 | 006,721,944 | ---- | C] () -- C:\Documents and Settings\SoSo\My Documents\Take a Back Road -Rodney Atkins.mp3
[2012/06/17 10:35:21 | 006,150,552 | ---- | C] () -- C:\Documents and Settings\SoSo\My Documents\Eric Church - Smoke A Little Smoke.mp3
[2012/06/17 10:31:39 | 006,162,839 | ---- | C] () -- C:\Documents and Settings\SoSo\My Documents\Dierks Bentley-Am I The Only One (New Single) March 2011.mp3
[2012/06/17 10:23:18 | 005,792,663 | ---- | C] () -- C:\Documents and Settings\SoSo\My Documents\Drink in My Hand - Eric Church.mp3
[2012/06/17 10:13:02 | 007,820,378 | ---- | C] () -- C:\Documents and Settings\SoSo\My Documents\Drink in My Hand - Eric Church.flv
[2012/06/17 10:11:05 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\YTD YouTube Downloader & Converter.lnk
[2012/06/17 09:13:01 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/06/15 23:17:21 | 001,358,959 | ---- | C] () -- C:\Documents and Settings\SoSo\Desktop\Revo Uninstaller Help.pdf
[2012/06/15 22:48:35 | 000,000,927 | ---- | C] () -- C:\Documents and Settings\SoSo\Desktop\Revo Uninstaller.lnk
[2012/06/15 22:34:56 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\SoSo\My Documents\register.bat
[2012/06/15 19:48:28 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/15 17:36:54 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\SoSo\My Documents\MBR.dat
[2012/06/15 09:52:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/15 09:52:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/06/15 09:32:07 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\SoSo\Desktop\register.bat
[2012/06/14 00:25:27 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\SoSo\Desktop\MBR.dat
[2012/06/13 08:12:43 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/13 07:58:07 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\SoSo\Start Menu\Programs\Internet Explorer.lnk
[2012/06/13 06:32:01 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/13 06:32:01 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/13 06:32:00 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2012/06/13 06:30:02 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\SoSo\Desktop\Shortcut to Downloads.lnk
[2012/06/13 03:28:23 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\SoSo\Desktop\Windows Media Player.lnk
[2012/06/12 05:24:44 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/06/12 05:23:45 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\SoSo\Start Menu\Programs\Windows Media Player.lnk
[2012/06/12 05:17:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012/06/11 22:48:19 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\SoSo\Desktop\Malwarebytes Anti-Malware (2).lnk
[2012/05/25 06:39:21 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2012/05/25 06:39:20 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2012/05/25 05:22:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SoSo\My Documents\Default.rdp
[2012/05/25 00:32:05 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/24 18:18:51 | 000,084,599 | ---- | C] () -- C:\Documents and Settings\SoSo\My Documents\windows updgrade advisor to windows7.mht
[2012/05/24 10:40:00 | 000,000,961 | ---- | C] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/24 06:30:36 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\SoSo\My Documents\infections.csv
[2012/05/21 09:12:58 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\SoSo\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/21 01:03:46 | 000,000,500 | ---- | C] () -- C:\WINDOWS\tasks\hpwebreg_xxxxxxxxxx.job
[2012/02/25 20:09:00 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\SoSo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/25 12:47:51 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ament.ini
[2011/11/04 09:12:23 | 000,000,126 | ---- | C] () -- C:\WINDOWS\_delis43.ini
[2011/10/15 15:30:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/14 16:13:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/12 04:22:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/29 00:40:51 | 000,011,952 | --S- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\w38r43d256106t
[2011/01/03 12:08:37 | 000,233,804 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/03 12:08:33 | 000,233,808 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/03 12:08:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/03 12:08:05 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/12/31 12:52:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/12/31 12:47:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/31 06:19:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/12/31 06:16:51 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/10 06:38:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== LOP Check ==========

[2009/09/30 10:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2008/04/24 23:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2010/01/14 19:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2008/04/05 13:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2012/04/01 09:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ask
[2012/06/11 20:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2012
[2012/05/24 03:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2012/06/11 19:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2012/06/19 17:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
[2012/04/01 10:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
[2012/06/11 19:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2012/04/22 10:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Visan
[2011/12/27 02:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Vivitar
[2011/12/27 02:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Vivitar Experience Image Manager
[2012/06/17 10:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\YTD YouTube Downloader & Converter
[2011/10/08 06:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/10/14 06:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/26 09:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\AVG Security Toolbar
[2010/11/13 21:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\avg9
[2010/02/15 16:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\vsosdk
[2010/11/13 05:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\WindSolutions
[2010/10/19 04:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/30 10:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2010/03/25 20:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2010/02/15 14:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2010/11/13 05:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WindSolutions
[2012/05/24 04:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SoSo\Application Data\AVG
[2012/06/16 02:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SoSo\Application Data\ElevatedDiagnostics
[2012/05/21 09:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SoSo\Application Data\Oracle
[2012/06/17 10:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SoSo\Application Data\Search Settings
[2012/04/25 21:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SoSo\Application Data\Visan
[2012/05/24 17:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SoSo\Application Data\Windows Desktop Search
[2012/05/25 00:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SoSo\Application Data\Windows Search
[2012/06/19 18:16:25 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2012/06/17 14:35:00 | 000,000,580 | ---- | M] () -- C:\WINDOWS\Tasks\DataUpload.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0B4227B4

< End of report >
  • 0

#7
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

So now there are two volume widgets in my quick launch. When I click on the Realtek sound widget to expand, the other widgets are very large... they look different.

Can you post a Print Screen?

# Step 1 #

Please reopen OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-842925246-1897051121-682003330-1006\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-05-24 03:49:23&v=11.0.0.9&sap=dsp&q={searchTerms}
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B12811779-4324-460c-8dad-357e249aee04%7D&mid=6f8d70369b8747d0a864d15de3e03f81-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=11.0.0.9&lang=en&pr=pr&d=2012-05-24%2003%3A49%3A23&sap=ku&q="
    [2012/05/24 03:49:17 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
    [2012/06/15 09:32:08 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\SoSo\My Documents\register.bat
    [2012/06/15 09:32:08 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\SoSo\Desktop\register.bat
    [2009/09/30 10:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/10/26 09:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS1\Application Data\AVG Security Toolbar
    [2009/09/30 10:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
    
    :Commands
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

# Step 2 #

Disable your antivirus software
  • Access the Eset Online Scanner website using the Internet Explorer browser.
    http://www.eset.com/us/online-scanner/
  • Do the scan according to the image:

    [image]
  • At the end, check the box "Delete Quarantined files" and click [FINISH]
  • A log will be generated in C:\Program Files\EsetOnlineScanner\Log.txt
    PS: If you didn't find the log.txt file in \EsetOnlineScanner\, look on \Program Files\Eset\EsetOnlineScanner\log.txt
  • Post that log.


#8 Vickyanne (New Member, Topic Starter, 4 posts)
Good Morning Whitehat~
I tried to do the screen-print but when I hit the ALT button with screen-print... the Realtek widgets I expanded disappeared. I tried to figure out another way but to no avail. Below is the shortcut to a Realtek Semiconductor file that, when I tried opening it, a window popped up saying it had no certificate and was a dangerous file. I was under my downloads, (WDM_R269)

file:///C:/Documents%20and%20Settings/SoSo/Desktop/Shortcut%20to%20WDM_R269.lnk

Also, there are all different sorts of files now showing up in my download file. Yet when I go to the start menu to try and start my programs... there are not many programs or apps there. Seems like the malware has bunches of files indexing. (Puts them in a .dat file?)

The current ESET online scanner (I had done one previously) showed no threats. Yet when I did it originally on 5/15 I believe there were many different kinds of malware. I tried to find the log for this current scan and couldn't. I will copy and paste the log from the May ESET scan I did. Since then the malware has messed with it and at one time said it was corrupted. So I am not sure if this time it is accurate. The computer seemed to be doing better yesterday but this morning... seems almost the same as before. Even my iGoogle was coming out the way it was supposed to yesterday; now today it is back like it was.

I believe some of these viruses, malware, keyloggers... whatever have been on here for a long time. I found files back from 2008. There were quite a few different people using this desktop at one time and I don't think they really knew what they were doing or cared.

Also, there are still all kinds of strange processes. One is called OnlineCmdLineScanner.exe that is using 72k memory. Another high memory process is RTHDCPLE.exe.

Also... I have been using my android smart phone as a hotspot... and now it has been acting funny. I hope it's all in my head~!~ haha!!! Could it have gotten something from this desktop?? Just a thought... if you have any clue. ATT is saying I have already used 5GB of data and I don't see how that is possible.

I am attaching the previous ESET online scanner log and the current OTL log for your review. Again... thank you so much and hope to hear from you soon.

Take care,
Vicky

Need info on whom and where to donate for all your time as well.. Thanks!


OTL log (6/21/12)
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-842925246-1897051121-682003330-1006\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "http://isearch.avg.c...9:23&sap=ku&q=" removed from keyword.URL
C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully.
File C:\Program Files\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll not found.
C:\Documents and Settings\SoSo\My Documents\register.bat moved successfully.
C:\Documents and Settings\SoSo\Desktop\register.bat moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages folder moved successfully.
Folder move failed. C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar scheduled to be moved on reboot.
Folder C:\Documents and Settings\All Users.WINDOWS1\Application Data\AVG Security Toolbar\ not found.
C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.48.0 log created on 06212012_013414

Files\Folders moved on Reboot...
Folder move failed. C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar scheduled to be moved on reboot.

Registry entries deleted on Reboot...

ESET Log (May 2012)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=40a6e4874a9da94c92964a9b67d5c6cd
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-15 03:54:31
# local_time=2012-05-15 10:54:31 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 16777214 0 100 72557850 81842501 0 0
# compatibility_mode=5891 16776533 42 87 0 48188313 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=148245
# found=38
# cleaned=38
# scan_time=10222
C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\Games\new games from mag cd\cypet202.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\Games\new games from mag cd\FallingBricksSetup15.exe Win32/Adware.SaveNow application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\Games\new games from mag cd\J-Ball.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\freeripmp3 cd ripper.exe a variant of Win32/AdInstaller application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\RockXP3 (view product codes on pcs).exe Win32/PSWTool.RAS.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\WinZix-2.1-setup-0595.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\Cracks\dvdxcopy1.5.2keygen.zip probably a variant of Win32/Keygen.BH application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\Cracks\dvdxcopy1.5.2keygencore.zip probably a variant of Win32/Keygen.BH application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\Cracks\dvdxcopyv1.5.2keygencore.zip probably a variant of Win32/Keygen.BH application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\Cracks\gamedrivev8.0keygenror.zip probably a variant of Win32/TrojanDropper.Agent.DEGHVUD trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\Cracks\nortonsystemworkspro2004keygentmg.zip probably a variant of Win32/Agent.JKLAKTK trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\Nero Updates\nero 7 updates\Nero-7.8.5.0_eng_update.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\PC Utilities CD1\Internet\favsrch.exe a variant of Win32/Adware.WhenUSave application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\PC Utilities CD1\Internet\SetupOneMX.exe a variant of Win32/Adware.SideSearch.F application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\PC Utilities CD1\Internet\spamdel.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\PC Utilities CD1\Security and Antivirus\IIPwr_Install.exe probably a variant of Win32/Spy.Agent.JNNSNDC trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\PC Utilities CD1\Security and Antivirus\inlookexpresssetup.exe Win32/InlookExpress application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\PC Utilities CD1\Security and Antivirus\SC-PassUnleash.zip a variant of Win32/PSWTool.PasswordSpy.AA application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\PC Utilities CD1\Windows\cursorfun.exe probably a variant of Win32/Agent.MSHDCHO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\PC Utilities CD1\Windows\keyfinder.zip Win32/PSWTool.RAS.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\PC Utilities CD1\Windows\mad.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\PC Utilities CD1\Windows\snoop.exe a variant of Win32/Snooper.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\PC Utilities CD2\Audio and Video\BOOMBox_Setup.exe Win32/VB.NAD trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\PC Utilities CD2\Email\Spam-AidSetup.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\PC Utilities CD2\Games and Leisure\cypet202.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\PC Utilities CD2\Games and Leisure\FallingBricksSetup15.exe Win32/Adware.SaveNow application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\PC Utilities CD2\Games and Leisure\J-Ball.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\PC Utilities CD2\Instant messaging tools\chatlogger.exe probably a variant of Win32/Agent.HGHVODJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\PC Utilities CD2\Networking\IPInventoryEnterprise1.3.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\PC Utilities CD2\Networking\netvizor.zip Win32/Spy.NetVizor application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\32\25ea6260-7a96b8da multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\My Documents\Downloads\setup.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\My Documents\Downloads\ZwinkySetup2.3.67.1.ZJfox000.exe Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\SDW\Local Settings\Temporary Internet Files\Content.IE5\6RYFQ1W1\gkisnhi[1].htm JS/TrojanDownloader.Agent.NWG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\SDW\Local Settings\Temporary Internet Files\Content.IE5\ELAHQ109\dm4[1].exe Win32/Olmarik.AIF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL a variant of Win32/FunWeb.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS12\system32\123.js JS/TrojanDownloader.Agent.NWG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
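As an added example (not code from the thread, from ESET or from OTL), a small Python parser for the ESET Online Scanner log format posted above: it splits each detection line into path, ESET detection text and action, groups detections by category and user profile, and checks that the header's found/cleaned counts agree with the listed files, which is the first thing to verify when, as Vicky says, the log file may have been corrupted. The sample log is constructed from four lines of the posted log with the header counts reduced to match.

```python
import re
from collections import Counter
# Tail of a detection line: "(action) <32-hex> <flag>"; before it comes
# "<path> <detection>", and both halves may contain spaces.
TAIL_RE = re.compile(
    r"^(?P<body>.+?) \((?P<action>[^()]+)\) (?P<hash>[0-9a-fA-F]{32}) (?P<flag>\S+)$")
# First space at which the ESET detection text starts (Windows paths use
# backslashes, so a "Family/Name" token cannot occur inside the path).
DET_START_RE = re.compile(
    r" (?=(?:probably )?a variant of |probably unknown |multiple threats|[A-Za-z0-9]+/)")
USER_RE = re.compile(r"^[A-Za-z]:\\Documents and Settings\\([^\\]+)\\", re.IGNORECASE)
# Constructed sample: four lines from the posted log, header counts reduced to match.
SAMPLE_LOG = r"""# end=finished
# found=4
# cleaned=4
C:\Documents and Settings\CARL\My Documents\Games\new games from mag cd\cypet202.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\CARL\My Documents\New Downloads\Newest Downloads\Cracks\gamedrivev8.0keygenror.zip probably a variant of Win32/TrojanDropper.Agent.DEGHVUD trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\My Documents\Downloads\setup.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS12\system32\123.js JS/TrojanDownloader.Agent.NWG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

def parse_eset_log(text):
    """Return (meta, detections): header fields and one dict per detection line."""
    meta, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):                      # "# key=value" header line
            key, _, value = line[1:].strip().partition("=")
            meta[key] = value
            continue
        m = TAIL_RE.match(line)
        if not m:                                     # banner lines, blanks
            continue
        parts = DET_START_RE.split(m.group("body"), maxsplit=1)
        if len(parts) != 2:
            continue
        path, detection = parts
        user = USER_RE.match(path)
        detections.append({
            "path": path, "detection": detection, "action": m.group("action"),
            "user": user.group(1) if user else None,
            "category": detection.rsplit(" ", 1)[-1],   # trojan / application / virus / threats
            "quarantined": "quarantined" in m.group("action"),
        })
    return meta, detections

def summarize(meta, detections):
    """Counts by category and user profile, plus the checks a helper makes on a posted log."""
    found, cleaned = int(meta.get("found", 0)), int(meta.get("cleaned", 0))
    return {
        "by_category": dict(Counter(d["category"] for d in detections)),
        "by_user": dict(Counter(d["user"] or "<system>" for d in detections)),
        "finished": meta.get("end") == "finished",
        "header_consistent": found == cleaned == len(detections),
        "not_quarantined": [d["path"] for d in detections if not d["quarantined"]],
    }
```

Run on the full log above, `header_consistent` confirms that the 38 listed lines match `# found=38` / `# cleaned=38`, and `not_quarantined` lists any file the scanner reported but could not move to quarantine.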

#9 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)

I tried to do the screen-print but when I hit the ALT button with screen-print..the Realtek widgets I expanded disappeared.

  • Only hit the Print Screen button
  • Open Paint
    • Go to Start > Run > type Mspaint and hit [ENTER]
  • Save the file to your desktop.
  • Go to imgur.com and upload the image you just saved.
  • Send me the link to the image.

OnlineCmdLineScanner.exe that is using 72k memory. Another high memory process is RTHDCPLE.exe

OnlineCmdLineScanner.exe is related to Eset Online Scanner and RTHDCPLE.exe is related to Realtek.

Could it have gotten something from this desktop

I don't think this is possible. Most Android malware needs root access, and not all Android smartphones are rooted.

I have already used 5GB of data and I don't see how that is possible.

Well, this depends on how you use your data plan. You can use Avast mobile security:
http://www.avast.com...mobile-security

Need info on whom and where to donate for all your time as well.. THanks!

See this page:
http://www.geekstogo...on-information/

Your computer seems clean.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop ( it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.
Posted Image
Posted Image

Do not close AVPTool or it will self uninstall, if it does uninstall - - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder, then attach the zip file to your next post.
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image