google desktop wont delete, new to me laptop [Solved]


  • This topic is locked

#1 richclan (Member, 180 posts)
Just got this used laptop and wanted to see if you all could look it over. Google Desktop, I can't delete it.

Thanks in advance

OTL logfile created on: 7/20/2012 7:12:07 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Sydney G\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 571.04 Mb Available Physical Memory | 56.30% Memory free
2.38 Gb Paging File | 2.06 Gb Available in Paging File | 86.22% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.74 Gb Total Space | 4.42 Gb Free Space | 11.40% Space Free | Partition Type: NTFS
Drive D: | 11.94 Gb Total Space | 1.31 Gb Free Space | 10.93% Space Free | Partition Type: NTFS

Computer Name: RICHFAMILY | User Name: Sydney G | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/20 19:11:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sydney G\Desktop\OTL.exe
PRC - [2006/10/23 18:14:21 | 001,109,504 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
PRC - [2006/10/23 18:14:21 | 000,755,712 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2006/03/24 17:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/26 15:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/10/23 18:14:21 | 000,036,352 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2005/12/19 09:08:30 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PNKJRUGB.exe -- (PNKJRUGB)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\SYDNEY~1\LOCALS~1\Temp\GPBNOYEHN.exe -- (GPBNOYEHN)
SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\SYDNEY~1\LOCALS~1\Temp\GKSKAYIKXBP.exe -- (GKSKAYIKXBP)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/20 18:43:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2008/10/12 05:08:33 | 000,085,969 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)
DRV - [2008/05/06 18:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/07/16 11:29:33 | 000,017,432 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2006/08/11 18:18:18 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/02 13:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/10/14 09:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 09:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 09:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/05 10:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/21 21:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 21:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 21:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/09 11:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.co...nType=TB50TRie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {885793DE-DF8F-4C29-A31C-78FA75A7A467}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{885793DE-DF8F-4C29-A31C-78FA75A7A467}: "URL" = http://www.google.co...1I7DKUS_enUS448
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macrom...abs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AE07B3F-243E-46AA-B5D5-57D3B1ED6E21}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sydney G\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sydney G\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/13 16:39:18 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/08/31 10:46:29 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/20 19:11:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sydney G\Desktop\OTL.exe
[2012/07/20 12:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sydney G\Start Menu\Programs\CleanUp!
[2012/07/20 12:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/20 19:11:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sydney G\Desktop\OTL.exe
[2012/07/20 19:06:34 | 000,404,428 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/20 19:06:34 | 000,063,274 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/20 19:03:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/20 19:02:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/20 19:01:17 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/20 18:58:19 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Sydney G\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/20 18:53:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/20 14:15:01 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Sydney G\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/20 13:05:41 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Sydney G\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/07/20 12:45:16 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Sydney G\Desktop\CleanUp!.lnk
[2012/07/20 10:45:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/20 18:43:11 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/20 14:09:03 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Sydney G\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/20 13:05:41 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Sydney G\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/07/20 12:45:16 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\Sydney G\Desktop\CleanUp!.lnk
[2011/09/09 11:43:19 | 000,000,621 | R--- | C] () -- C:\WINDOWS\System32\hppapr09.dat
[2011/08/31 09:15:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/10/12 06:15:22 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Sydney G\Local Settings\Application Data\fusioncache.dat
[2007/02/20 22:01:45 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== LOP Check ==========

[2008/05/13 16:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/09/10 10:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/09/01 07:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/09/12 13:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sydney G\Application Data\Leadertech

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 7/20/2012 7:12:07 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Sydney G\Desktop

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3" = Polar Bowler
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CleanUp!" = CleanUp!
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 1.99.1
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Motorola USB Drivers" = Motorola USB Drivers
"MSNINST" = MSN
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/9/2011 1:47:31 PM | Computer Name = SYDNEY | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Plus 2007 - Update 'Security
Update for Microsoft Office Access 2007 (KB979440)' could not be installed. Error
code 1603. Windows Installer can create logs to help troubleshoot issues with installing
software packages. Use the following link for instructions on turning on logging
support: http://go.microsoft....k/?LinkId=23127

Error - 9/15/2011 10:20:01 AM | Computer Name = RICHFAMILY | Source = MsiInstaller | ID = 11307
Description = Product: Microsoft Office Professional Plus 2007 -- Error 1307.There
is not enough disk space to install this file: C:\WINDOWS\Installer\332ff4.msp.
Free some disk space and click 'Retry', or click 'Cancel' to exit.

Error - 9/15/2011 10:20:41 AM | Computer Name = RICHFAMILY | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Plus 2007 - Update 'Microsoft
Office 2007 Service Pack 2 (SP2)' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127

Error - 7/20/2012 1:09:48 PM | Computer Name = RICHFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3802, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/20/2012 1:11:18 PM | Computer Name = RICHFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3802, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/20/2012 1:11:46 PM | Computer Name = RICHFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3802, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/20/2012 1:48:02 PM | Computer Name = RICHFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3802, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/20/2012 1:48:42 PM | Computer Name = RICHFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3802, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/20/2012 1:52:31 PM | Computer Name = RICHFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3802, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/20/2012 2:13:55 PM | Computer Name = RICHFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application QuickTimePlayer.exe, version 7.70.80.34, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/20/2012 6:26:55 PM | Computer Name = RICHFAMILY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/20/2012 6:26:55 PM | Computer Name = RICHFAMILY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/20/2012 6:26:55 PM | Computer Name = RICHFAMILY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/20/2012 6:26:55 PM | Computer Name = RICHFAMILY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/20/2012 6:26:55 PM | Computer Name = RICHFAMILY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/20/2012 6:26:55 PM | Computer Name = RICHFAMILY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/20/2012 6:26:55 PM | Computer Name = RICHFAMILY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/20/2012 6:26:55 PM | Computer Name = RICHFAMILY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/20/2012 6:26:55 PM | Computer Name = RICHFAMILY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/20/2012 6:26:56 PM | Computer Name = RICHFAMILY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Step 1

Please download ComboFix from one of the following locations to your Desktop:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow to update if it asks.

Posted Image

Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Step 2

Please try to uninstall the following programs:

  • Google Desktop


How to uninstall a program in Windows XP:

  • Click Start, click Control Panel, and then double-click Add or Remove Programs.
  • In the Currently installed programs box, click the program that you want to remove, and then click Remove.
  • If you are prompted to confirm the removal of the program, click Yes.


#3
richclan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
Still can't get rid of Google Desktop. I tried a few times. I get application errors now for that program, and in the lower right toolbar it was trying to download.
Here is the log, thanks.

ComboFix 12-07-27.02 - Sydney G 07/26/2012 11:26:17.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.344 [GMT -4:00]
Running from: c:\documents and settings\Sydney G\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\chrome.manifest
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\chrome\content\background.html
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\chrome\content\browser.xul
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\chrome\content\crossrider.js
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\chrome\content\crossriderapi.js
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\chrome\content\dialog.js
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\chrome\content\lib\faye-browser-min.js
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\chrome\content\manage-apps-style.css
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\chrome\content\manage-apps.html
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\chrome\content\messaging.js
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\chrome\content\options.js
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\chrome\content\options.xul
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\chrome\content\push.html
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\chrome\content\search_dialog.xul
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\chrome\content\update.html
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\defaults\preferences\prefs.js
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\install.rdf
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\locale\en-US\translations.dtd
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\skin\button1.png
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\skin\button2.png
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\skin\button3.png
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\skin\button4.png
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\skin\button5.png
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\skin\crossrider_statusbar.png
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\skin\icon128.png
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\skin\icon16.png
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\skin\icon24.png
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\skin\icon48.png
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\skin\panelarrow-up.png
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\skin\popup.css
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\skin\popup.html
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\skin\popup_binding.xml
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\skin\skin.css
c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions\[email protected]\skin\update.css
c:\windows\system32\setb0.tmp
c:\windows\system32\setb1.tmp
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-25 23:09 . 2012-07-25 23:09 -------- d-----w- c:\documents and settings\Sydney G\Local Settings\Application Data\Wildtangent
2012-07-25 21:03 . 2012-07-26 15:15 -------- dc----w- c:\documents and settings\Sydney G\Local Settings\Application Data\MigWiz
2012-07-25 21:02 . 2012-07-25 21:02 -------- d-----w- c:\program files\Windows Easy Transfer 7
2012-07-25 21:01 . 2012-07-25 21:01 -------- d-----w- c:\documents and settings\Sydney G\Local Settings\Application Data\Coupon Companion
2012-07-25 21:01 . 2012-07-25 21:01 -------- d-----w- c:\program files\Coupon Companion
2012-07-25 16:03 . 2012-07-25 16:03 -------- d-----w- c:\documents and settings\Sydney G\Local Settings\Application Data\Mozilla
2012-07-25 16:02 . 2012-07-25 16:02 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-25 15:42 . 2012-07-25 15:42 -------- d-----w- c:\documents and settings\Sydney G\Application Data\IObit
2012-07-25 15:33 . 2012-07-25 15:37 -------- d-----w- c:\documents and settings\CDR
2012-07-21 05:46 . 2012-07-21 05:48 -------- d-----w- c:\windows\SxsCaPendDel
2012-07-21 02:12 . 2012-07-21 02:13 -------- d-----w- C:\XP Registry Cleaner
2012-07-21 02:12 . 2012-07-21 02:12 -------- d-----w- c:\windows\system32\XPToolsLicenseComponent
2012-07-21 02:07 . 2012-05-08 22:35 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-07-21 02:07 . 2010-11-26 22:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-07-21 02:07 . 2012-07-21 02:07 -------- d-----w- C:\Smart Defrag 2
2012-07-21 01:51 . 2012-07-21 01:51 -------- d-----w- c:\documents and settings\Sydney G\Application Data\AVS4YOU
2012-07-21 01:50 . 2012-03-23 23:58 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-07-21 01:50 . 2012-07-21 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2012-07-21 01:50 . 2012-07-21 01:51 -------- d-----w- c:\program files\AVS4YOU
2012-07-21 01:49 . 2011-06-22 15:32 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-07-21 01:49 . 2011-06-22 15:32 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-07-21 01:49 . 2012-07-21 01:51 -------- d-----w- C:\AVSMediaPlayer
2012-07-21 01:49 . 2012-07-21 01:51 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-07-20 22:43 . 2012-07-25 20:58 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-20 16:45 . 2012-07-20 16:45 -------- d-----w- c:\program files\CleanUp!
2012-07-20 14:56 . 2001-08-17 17:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-07-20 14:56 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-07-20 14:56 . 2001-08-17 18:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2012-07-20 14:56 . 2001-08-17 18:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-25 20:58 . 2011-09-09 13:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-14 00:17 . 2012-07-25 16:02 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}]
2012-06-17 13:07 488832 ----a-w- c:\program files\Coupon Companion\Coupon Companion.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-23 190464]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=c:\windows\pss\Service Manager.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-12-19 13:08 1347584 -c--a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 10:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 06:05 127035 -c--a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-10-23 22:14 190464 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-13 21:45 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-12-13 21:44 98304 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-01-18 20:00 8192 -c--a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-18 20:00 110592 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 01:15 290816 -c--a-w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 00:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-24 21:30 282624 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"PcCtlCom"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"MDM"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"GEARSecurity"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Easy Transfer 7\\migwiz.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7000:TCP"= 7000:TCP:Windows Easy Transfer TCP port
"7000:UDP"= 7000:UDP:Windows Easy Transfer UDP port
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7/20/2012 10:07 PM 14776]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/20/2012 6:43 PM 250056]
S3 GKSKAYIKXBP;GKSKAYIKXBP;c:\docume~1\SYDNEY~1\LOCALS~1\Temp\GKSKAYIKXBP.exe --> c:\docume~1\SYDNEY~1\LOCALS~1\Temp\GKSKAYIKXBP.exe [?]
S3 GPBNOYEHN;GPBNOYEHN;c:\docume~1\SYDNEY~1\LOCALS~1\Temp\GPBNOYEHN.exe --> c:\docume~1\SYDNEY~1\LOCALS~1\Temp\GPBNOYEHN.exe [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/25/2012 12:02 PM 113120]
S3 PNKJRUGB;PNKJRUGB;c:\docume~1\ADMINI~1\LOCALS~1\Temp\PNKJRUGB.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\PNKJRUGB.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 6:06 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 20:58]
.
2011-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-07-26 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\smart defrag 2\SmartDefrag.exe [2012-07-21 23:08]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Dell QuickSet - c:\program files\Dell\QuickSet\quickset.exe
MSConfigStartUp-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-pccguide - (no file)
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-HijackThis - F:\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-26 11:35
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(556)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
.
**************************************************************************
.
Completion time: 2012-07-26 11:39:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-26 15:39
.
Pre-Run: 16,276,357,120 bytes free
Post-Run: 16,212,688,896 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A13FE371F25AF7930620DE7C943CE499

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

What error are you getting when you try to uninstall this Google Desktop thingy?

#5
richclan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
No errors when I uninstall. When it reboots afterwards is when I get the application errors, on startup. Is this Google Desktop malware?

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Well... Probably some files or registry entries are corrupted. We will deal with that later. For now please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\docume~1\SYDNEY~1\LOCALS~1\Temp\GKSKAYIKXBP.exe
c:\docume~1\SYDNEY~1\LOCALS~1\Temp\GPBNOYEHN.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\PNKJRUGB.exe
c:\program files\Coupon Companion\Coupon Companion.dll

Folder::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}]

ClearJavaCache::

Driver::
GKSKAYIKXBP
GPBNOYEHN
PNKJRUGB


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
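The three services the helper lists under Driver:: (GKSKAYIKXBP, GPBNOYEHN, PNKJRUGB) were picked out of the ComboFix log in post #3 by hand: each is an S3 service whose image lives in a user's Temp directory, whose name is a random-looking string used for both the service and display name, and whose file ComboFix could no longer find (the "[?]" marker). The script below is an added example, written for this thread and not part of ComboFix or of the helper's instructions; it parses service/driver lines in the layout ComboFix prints them (assumed from the log above), applies those three triage rules, and emits a CFScript File::/Driver:: block in the same shape as post #6. The sample lines are the ones posted in this thread, and the scoring rules are my own heuristics, not ComboFix's.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the service/driver lines from the ComboFix log posted
# above. ComboFix prints "<start> <name>;<display>;<path> [<date> <size>]",
# or "<path> --> <path> [?]" when it cannot find the image file.
SAMPLE_LOG = r"""
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7/20/2012 10:07 PM 14776]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/20/2012 6:43 PM 250056]
S3 GKSKAYIKXBP;GKSKAYIKXBP;c:\docume~1\SYDNEY~1\LOCALS~1\Temp\GKSKAYIKXBP.exe --> c:\docume~1\SYDNEY~1\LOCALS~1\Temp\GKSKAYIKXBP.exe [?]
S3 GPBNOYEHN;GPBNOYEHN;c:\docume~1\SYDNEY~1\LOCALS~1\Temp\GPBNOYEHN.exe --> c:\docume~1\SYDNEY~1\LOCALS~1\Temp\GPBNOYEHN.exe [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/25/2012 12:02 PM 113120]
S3 PNKJRUGB;PNKJRUGB;c:\docume~1\ADMINI~1\LOCALS~1\Temp\PNKJRUGB.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\PNKJRUGB.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 6:06 PM 11520]
"""

# Start type (R0/S3...), service name, display name, then the rest of the line.
LINE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")


@dataclass
class ServiceEntry:
    start_type: str
    name: str
    display: str
    path: str
    file_missing: bool
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service/driver line; return None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    file_missing = rest.endswith("[?]")
    if " --> " in rest:
        # "path --> path [?]": the part before the arrow is the registered image path.
        path = rest.split(" --> ", 1)[0]
    else:
        # "path [date size]": drop the trailing bracketed file info.
        path = rest.rsplit(" [", 1)[0]
    return ServiceEntry(m.group("start"), m.group("name").strip(),
                        m.group("display").strip(), path.strip(), file_missing)


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Attach a reason for each triage rule the entry trips (my heuristics)."""
    lowered = entry.path.lower().replace("/", "\\")
    if "\\temp\\" in lowered:
        entry.reasons.append("image path is inside a Temp directory")
    if entry.file_missing:
        entry.reasons.append("ComboFix could not find the image file ([?])")
    n = entry.name
    if n == entry.display and n.isalpha() and n.isupper() and len(n) >= 8:
        entry.reasons.append("random-looking all-caps name used as both service and display name")
    return entry


def suspicious_services(log_text: str) -> List[ServiceEntry]:
    """Return every parsed service entry that trips at least one rule."""
    found = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is not None and assess(entry).reasons:
            found.append(entry)
    return found


def build_cfscript(entries: List[ServiceEntry]) -> str:
    """Emit a CFScript fragment in the File::/Driver:: layout used in this thread."""
    files = "\n".join(e.path for e in entries)
    drivers = "\n".join(e.name for e in entries)
    return f"File::\n{files}\n\nDriver::\n{drivers}\n"


if __name__ == "__main__":
    hits = suspicious_services(SAMPLE_LOG)
    for h in hits:
        print(f"{h.start_type} {h.name}: {h.path}")
        for r in h.reasons:
            print(f"    - {r}")
    print()
    print(build_cfscript(hits))
```

Each rule on its own is weak (plenty of legitimate installers drop a helper service in Temp for a moment), which is why the script reports the reasons rather than a yes/no verdict; the three Temp services here trip all three rules, while the legitimate drivers in the same log trip none.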

#7
richclan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
Here it is:
The error message is: the appl. failed to initialize properly 0xc0000005 google desktop index.exe

ComboFix 12-07-27.02 - Sydney G 07/26/2012 16:55:12.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.527 [GMT -4:00]
Running from: c:\documents and settings\Sydney G\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sydney G\Desktop\CFScript.txt
.
FILE ::
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\PNKJRUGB.exe"
"c:\docume~1\SYDNEY~1\LOCALS~1\Temp\GKSKAYIKXBP.exe"
"c:\docume~1\SYDNEY~1\LOCALS~1\Temp\GPBNOYEHN.exe"
"c:\program files\Coupon Companion\Coupon Companion.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GKSKAYIKXBP
-------\Legacy_GPBNOYEHN
-------\Legacy_PNKJRUGB
-------\Service_GKSKAYIKXBP
-------\Service_GPBNOYEHN
-------\Service_PNKJRUGB
.
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-25 23:09 . 2012-07-25 23:09 -------- d-----w- c:\documents and settings\Sydney G\Local Settings\Application Data\Wildtangent
2012-07-25 21:03 . 2012-07-26 15:15 -------- dc----w- c:\documents and settings\Sydney G\Local Settings\Application Data\MigWiz
2012-07-25 21:02 . 2012-07-25 21:02 -------- d-----w- c:\program files\Windows Easy Transfer 7
2012-07-25 21:01 . 2012-07-25 21:01 -------- d-----w- c:\documents and settings\Sydney G\Local Settings\Application Data\Coupon Companion
2012-07-25 21:01 . 2012-07-25 21:01 -------- d-----w- c:\program files\Coupon Companion
2012-07-25 16:03 . 2012-07-25 16:03 -------- d-----w- c:\documents and settings\Sydney G\Local Settings\Application Data\Mozilla
2012-07-25 16:02 . 2012-07-25 16:02 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-25 15:42 . 2012-07-25 15:42 -------- d-----w- c:\documents and settings\Sydney G\Application Data\IObit
2012-07-25 15:33 . 2012-07-25 15:37 -------- d-----w- c:\documents and settings\CDR
2012-07-21 05:46 . 2012-07-21 05:48 -------- d-----w- c:\windows\SxsCaPendDel
2012-07-21 02:12 . 2012-07-21 02:13 -------- d-----w- C:\XP Registry Cleaner
2012-07-21 02:12 . 2012-07-21 02:12 -------- d-----w- c:\windows\system32\XPToolsLicenseComponent
2012-07-21 02:07 . 2012-05-08 22:35 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-07-21 02:07 . 2010-11-26 22:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-07-21 02:07 . 2012-07-21 02:07 -------- d-----w- C:\Smart Defrag 2
2012-07-21 01:51 . 2012-07-21 01:51 -------- d-----w- c:\documents and settings\Sydney G\Application Data\AVS4YOU
2012-07-21 01:50 . 2012-03-23 23:58 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-07-21 01:50 . 2012-07-21 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2012-07-21 01:50 . 2012-07-21 01:51 -------- d-----w- c:\program files\AVS4YOU
2012-07-21 01:49 . 2011-06-22 15:32 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-07-21 01:49 . 2011-06-22 15:32 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-07-21 01:49 . 2012-07-21 01:51 -------- d-----w- C:\AVSMediaPlayer
2012-07-21 01:49 . 2012-07-21 01:51 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-07-20 22:43 . 2012-07-25 20:58 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-20 16:45 . 2012-07-20 16:45 -------- d-----w- c:\program files\CleanUp!
2012-07-20 14:56 . 2001-08-17 17:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-07-20 14:56 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-07-20 14:56 . 2001-08-17 18:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2012-07-20 14:56 . 2001-08-17 18:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-25 20:58 . 2011-09-09 13:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-14 00:17 . 2012-07-25 16:02 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_15.35.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-10 17:51 . 2012-07-26 18:50 63274 c:\windows\system32\perfc009.dat
- 2004-08-10 17:51 . 2012-07-25 23:30 63274 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2012-07-26 18:50 404428 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2012-07-25 23:30 404428 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-23 190464]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=c:\windows\pss\Service Manager.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-12-19 13:08 1347584 -c--a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 10:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 06:05 127035 -c--a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-10-23 22:14 190464 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-13 21:45 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-12-13 21:44 98304 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-01-18 20:00 8192 -c--a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-18 20:00 110592 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 01:15 290816 -c--a-w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 00:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-24 21:30 282624 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"PcCtlCom"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"MDM"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"GEARSecurity"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Easy Transfer 7\\migwiz.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7000:TCP"= 7000:TCP:Windows Easy Transfer TCP port
"7000:UDP"= 7000:UDP:Windows Easy Transfer UDP port
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7/20/2012 10:07 PM 14776]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/20/2012 6:43 PM 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/25/2012 12:02 PM 113120]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 6:06 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 20:58]
.
2011-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-07-26 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\smart defrag 2\SmartDefrag.exe [2012-07-21 23:08]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-26 17:04
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3640)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-07-26 17:08:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-26 21:08
ComboFix2.txt 2012-07-26 15:39
.
Pre-Run: 16,174,444,544 bytes free
Post-Run: 16,173,428,736 bytes free
.
- - End Of File - - B4E2B8ACD483A488637F41F08A2B506E
#8
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
OK. We will try the following workaround for Google Desktop:
  • Download Google Desktop from here.
  • Then install it.
  • Reboot
  • Next go to Add or Remove Programs in Control Panel and try to uninstall Google Desktop.

#9
richclan
    Member
  • Topic Starter
  • Member
  • 180 posts
Great Render, it's gone :thumbsup: thanks
How does the rest of this laptop look malware-wise?
#10
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
From the logs it looks clean so far. But we must continue, so please do the following:

We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan
(Please be patient, as this scan can take a few hours)
Posted Image

Allow VRT to delete all infections found
Once it has finished, select the Report tab (the last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion, click the link to locate the zip file to upload, and attach it to your next post

Posted Image
#11
richclan
    Member
  • Topic Starter
  • Member
  • 180 posts
OK, no detection found, so there was no report to post.

I ran gathering info twice but no zip file link showed up, sry. I even searched for the file on the HD.

I found this under manual disinfection:

Gathering system information: completed 26 minutes ago (events: 247, time: 00:03:00)
7/26/2012 10:53:17 PM Task started Gathering system information
7/26/2012 10:53:20 PM Main script of analysis
7/26/2012 10:53:21 PM Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 3"
7/26/2012 10:53:21 PM System Restore: enabled
7/26/2012 10:53:22 PM 1.1 Searching for user-mode API hooks
7/26/2012 10:53:22 PM Analysis: kernel32.dll, export table found in section .text
7/26/2012 10:53:22 PM IAT modification detected: CreateProcessA - 00B90010<>7C80236B
7/26/2012 10:53:22 PM IAT modification detected: GetModuleFileNameA - 00B90080<>7C80B56F
7/26/2012 10:53:22 PM IAT modification detected: FreeLibrary - 00B900F0<>7C80AC7E
7/26/2012 10:53:22 PM IAT modification detected: GetModuleFileNameW - 00B90160<>7C80B475
7/26/2012 10:53:22 PM IAT modification detected: CreateProcessW - 00B901D0<>7C802336
7/26/2012 10:53:22 PM IAT modification detected: LoadLibraryW - 00B902B0<>7C80AEEB
7/26/2012 10:53:22 PM IAT modification detected: LoadLibraryA - 00B90320<>7C801D7B
7/26/2012 10:53:22 PM IAT modification detected: GetProcAddress - 00B90390<>7C80AE40
7/26/2012 10:53:22 PM Analysis: ntdll.dll, export table found in section .text
7/26/2012 10:53:22 PM Analysis: user32.dll, export table found in section .text
7/26/2012 10:53:22 PM Analysis: advapi32.dll, export table found in section .text
7/26/2012 10:53:22 PM Analysis: ws2_32.dll, export table found in section .text
7/26/2012 10:53:22 PM Analysis: wininet.dll, export table found in section .text
7/26/2012 10:53:22 PM Analysis: rasapi32.dll, export table found in section .text
7/26/2012 10:53:22 PM Analysis: urlmon.dll, export table found in section .text
7/26/2012 10:53:23 PM Analysis: netapi32.dll, export table found in section .text
7/26/2012 10:53:24 PM 1.2 Searching for kernel-mode API hooks
7/26/2012 10:53:24 PM Driver loaded successfully
7/26/2012 10:53:24 PM SDT found (RVA=085700)
7/26/2012 10:53:24 PM Kernel ntkrnlpa.exe found in memory at address 804D7000
7/26/2012 10:53:24 PM SDT = 8055C700
7/26/2012 10:53:24 PM KiST = 8050446C (284)
7/26/2012 10:53:24 PM Function NtAdjustPrivilegesToken (0B) intercepted (805EBB16->A9147690), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtClose (19) intercepted (805BC4DC->A9147F94), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtConnectPort (1F) intercepted (805A4596->A9148DC8), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtCreateEvent (23) intercepted (8060E634->A9149312), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtCreateFile (25) intercepted (80579084->A9148270), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtCreateKey (29) intercepted (806237C8->A9146500), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtCreateMutant (2B) intercepted (80616D76->A91491F8), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtCreateNamedPipeFile (2C) intercepted (805790BE->A914727E), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtCreatePort (2E) intercepted (805A50B2->A91490CC), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtCreateSection (32) intercepted (805AB38E->A9147426), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtCreateSemaphore (33) intercepted (80614734->A9149432), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtCreateThread (35) intercepted (805D0FD2->A9147C1C), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtCreateWaitablePort (38) intercepted (805A50D6->A9149162), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtDebugActiveProcess (39) intercepted (8064320E->A914AB1A), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtDeleteKey (3F) intercepted (80623C64->A9146B0A), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtDeleteValueKey (41) intercepted (80623E34->A9146EBE), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtDeviceIoControlFile (42) intercepted (8057924A->A91486F2), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtDuplicateObject (44) intercepted (805BDFB4->A914BD26), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtEnumerateKey (47) intercepted (80624014->A914700A), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtEnumerateValueKey (49) intercepted (8062427E->A91470A2), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtFsControlFile (54) intercepted (8057927E->A9148500), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtLoadDriver (61) intercepted (8058413A->A914AC0C), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtLoadKey (62) intercepted (806259EC->A91464DC), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtLoadKey2 (63) intercepted (806255F8->A91464EE), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtMapViewOfSection (6C) intercepted (805B1FE6->A914B374), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtNotifyChangeKey (6F) intercepted (806259B6->A91471CE), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtOpenEvent (72) intercepted (8060E734->A91493A8), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:24 PM Function NtOpenFile (74) intercepted (8057A182->A9148016), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:24 PM >>> Function restored successfully !
7/26/2012 10:53:24 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtOpenKey (77) intercepted (80624BA6->A91466C0), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtOpenMutant (78) intercepted (80616E4E->A9149288), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtOpenProcess (7A) intercepted (805CB3FA->A91478CC), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtOpenSection (7D) intercepted (805AA3B2->A914B10E), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtOpenSemaphore (7E) intercepted (8061482E->A91494C8), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtOpenThread (80) intercepted (805CB686->A91477BE), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtQueryKey (A0) intercepted (80624EE8->A914713A), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtQueryMultipleValueKey (A1) intercepted (80622916->A9146D72), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtQuerySection (A7) intercepted (805B858C->A914B6AE), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtQueryValueKey (B1) intercepted (806219EC->A914699C), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtQueueApcThread (B4) intercepted (805D1230->A914AFA0), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtRenameKey (C0) intercepted (806231EA->A9146C2C), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtReplaceKey (C1) intercepted (8062589C->A9145F16), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtReplyPort (C2) intercepted (805A54B2->A914982C), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtReplyWaitReceivePort (C3) intercepted (805A647A->A91496F2), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtRequestWaitReplyPort (C8) intercepted (805A2D3C->A914A8B4), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtRestoreKey (CC) intercepted (806251A8->A914628E), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtResumeThread (CE) intercepted (805D495A->A914BBC8), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtSaveKey (CF) intercepted (806252A4->A9145EAE), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtSecureConnectPort (D2) intercepted (805A3D2A->A9148B0E), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtSetContextThread (D5) intercepted (805D16F4->A9147E38), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtSetInformationToken (E6) intercepted (805F9E7E->A914A154), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtSetSecurityObject (ED) intercepted (805C05DA->A914ADAA), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtSetSystemInformation (F0) intercepted (8060F3EC->A914B7FE), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtSetValueKey (F7) intercepted (80621D3A->A9146816), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtSuspendProcess (FD) intercepted (805D4A22->A914B8F0), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtSuspendThread (FE) intercepted (805D4894->A914BA2A), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtSystemDebugControl (FF) intercepted (80617792->A914AA3E), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtTerminateProcess (101) intercepted (805D2982->A9147A68), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtTerminateThread (102) intercepted (805D2B7C->A91479C8), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtUnmapViewOfSection (10B) intercepted (805B2DF4->A914B552), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function NtWriteVirtualMemory (115) intercepted (805B4378->A9147B52), hook C:\WINDOWS\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM >>> Hook code blocked
7/26/2012 10:53:25 PM Function FsRtlCheckLockForReadAccess (804EAF84) - machine code modification Method of JmpTo. jmp A9139FD0 \SystemRoot\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM Function IoIsOperationSynchronous (804EF912) - machine code modification Method of JmpTo. jmp A913A3AC \SystemRoot\system32\DRIVERS\7697215drv.sys, driver recognized as trusted
7/26/2012 10:53:25 PM >>> Function restored successfully !
7/26/2012 10:53:25 PM Functions checked: 284, intercepted: 60, restored: 62
7/26/2012 10:53:25 PM 1.3 Checking IDT and SYSENTER
7/26/2012 10:53:25 PM Analysis for CPU 1
7/26/2012 10:53:25 PM Analysis for CPU 2
7/26/2012 10:53:25 PM CmpCallCallBacks = 00093D84
7/26/2012 10:53:25 PM Disable callback OK
7/26/2012 10:53:25 PM Checking IDT and SYSENTER - complete
7/26/2012 10:53:26 PM 1.4 Searching for masking processes and drivers
7/26/2012 10:53:26 PM Checking not performed: extended monitoring driver (AVZPM) is not installed
7/26/2012 10:53:26 PM 1.5 Checking of IRP handlers
7/26/2012 10:53:26 PM Driver loaded successfully
7/26/2012 10:53:26 PM Checking - complete
7/26/2012 10:54:18 PM >> Services: potentially dangerous service allowed: TermService (Terminal Services)
7/26/2012 10:54:18 PM >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
7/26/2012 10:54:18 PM >> Services: potentially dangerous service allowed: TlntSvr ()
7/26/2012 10:54:18 PM >> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
7/26/2012 10:54:18 PM >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
7/26/2012 10:54:18 PM >> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
7/26/2012 10:54:18 PM > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
7/26/2012 10:54:18 PM >> Security: disk drives' autorun is enabled
7/26/2012 10:54:18 PM >> Security: administrative shares (C$, D$ ...) are enabled
7/26/2012 10:54:18 PM >> Security: anonymous user access is enabled
7/26/2012 10:54:18 PM >> Security: sending Remote Assistant queries is enabled
7/26/2012 10:54:23 PM >> Disable HDD autorun
7/26/2012 10:54:23 PM >> Disable autorun from network drives
7/26/2012 10:54:23 PM >> Disable CD/DVD autorun
7/26/2012 10:54:23 PM >> Disable removable media autorun
7/26/2012 10:54:26 PM System Analysis in progress
7/26/2012 10:56:17 PM System Analysis - complete
7/26/2012 10:56:17 PM Deleting service/driver: uti5mjix
7/26/2012 10:56:17 PM [microprogram of healing]> registry key deleted HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uti5mjix
7/26/2012 10:56:17 PM Delete file:C:\WINDOWS\system32\Drivers\uti5mjix.sys
7/26/2012 10:56:17 PM Deleting service/driver: uji5mjix
7/26/2012 10:56:17 PM Main script of analysis
7/26/2012 10:56:17 PM Task completed Gathering system information
Gathering system information: completed 18 minutes ago (events: 63, time: 00:03:46)
7/26/2012 11:04:56 PM Task completed Gathering system information
7/26/2012 11:04:54 PM Main script of analysis
7/26/2012 11:04:53 PM Deleting service/driver: uji5mjix
7/26/2012 11:04:53 PM Delete file:C:\WINDOWS\system32\Drivers\uti5mjix.sys
7/26/2012 11:04:53 PM [microprogram of healing]> registry key deleted HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uti5mjix
7/26/2012 11:04:49 PM Deleting service/driver: uti5mjix
7/26/2012 11:04:48 PM System Analysis - complete
7/26/2012 11:02:15 PM System Analysis in progress
7/26/2012 11:02:12 PM >> Disable removable media autorun
7/26/2012 11:02:11 PM >> Disable CD/DVD autorun
7/26/2012 11:02:11 PM >> Disable autorun from network drives
7/26/2012 11:02:11 PM >> Disable HDD autorun
7/26/2012 11:02:06 PM >> Security: sending Remote Assistant queries is enabled
7/26/2012 11:02:06 PM >> Security: anonymous user access is enabled
7/26/2012 11:02:06 PM >> Security: administrative shares (C$, D$ ...) are enabled
7/26/2012 11:02:06 PM >> Security: disk drives' autorun is enabled
7/26/2012 11:02:06 PM > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
7/26/2012 11:02:06 PM >> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
7/26/2012 11:02:06 PM >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
7/26/2012 11:02:06 PM >> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
7/26/2012 11:02:06 PM >> Services: potentially dangerous service allowed: TlntSvr ()
7/26/2012 11:02:06 PM >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
7/26/2012 11:02:06 PM >> Services: potentially dangerous service allowed: TermService (Terminal Services)
7/26/2012 11:01:13 PM Checking - complete
7/26/2012 11:01:13 PM Driver loaded successfully
7/26/2012 11:01:13 PM 1.5 Checking of IRP handlers
7/26/2012 11:01:13 PM Checking not performed: extended monitoring driver (AVZPM) is not installed
7/26/2012 11:01:13 PM 1.4 Searching for masking processes and drivers
7/26/2012 11:01:12 PM Checking IDT and SYSENTER - complete
7/26/2012 11:01:12 PM Disable callback - уже нейтрализованы
7/26/2012 11:01:12 PM CmpCallCallBacks = 00093D84
7/26/2012 11:01:12 PM Analysis for CPU 2
7/26/2012 11:01:12 PM Analysis for CPU 1
7/26/2012 11:01:12 PM 1.3 Checking IDT and SYSENTER
7/26/2012 11:01:12 PM Functions checked: 284, intercepted: 0, restored: 0
7/26/2012 11:01:11 PM KiST = 8050446C (284)
7/26/2012 11:01:11 PM SDT = 8055C700
7/26/2012 11:01:11 PM Kernel ntkrnlpa.exe found in memory at address 804D7000
7/26/2012 11:01:11 PM SDT found (RVA=085700)
7/26/2012 11:01:11 PM Driver loaded successfully
7/26/2012 11:01:11 PM 1.2 Searching for kernel-mode API hooks
7/26/2012 11:01:11 PM Analysis: netapi32.dll, export table found in section .text
7/26/2012 11:01:11 PM Analysis: urlmon.dll, export table found in section .text
7/26/2012 11:01:11 PM Analysis: rasapi32.dll, export table found in section .text
7/26/2012 11:01:11 PM Analysis: wininet.dll, export table found in section .text
7/26/2012 11:01:11 PM Analysis: ws2_32.dll, export table found in section .text
7/26/2012 11:01:11 PM Analysis: advapi32.dll, export table found in section .text
7/26/2012 11:01:11 PM Analysis: user32.dll, export table found in section .text
7/26/2012 11:01:10 PM Analysis: ntdll.dll, export table found in section .text
7/26/2012 11:01:10 PM IAT modification detected: GetProcAddress - 00B90390<>7C80AE40
7/26/2012 11:01:10 PM IAT modification detected: LoadLibraryA - 00B90320<>7C801D7B
7/26/2012 11:01:10 PM IAT modification detected: LoadLibraryW - 00B902B0<>7C80AEEB
7/26/2012 11:01:10 PM IAT modification detected: CreateProcessW - 00B901D0<>7C802336
7/26/2012 11:01:10 PM IAT modification detected: GetModuleFileNameW - 00B90160<>7C80B475
7/26/2012 11:01:10 PM IAT modification detected: FreeLibrary - 00B900F0<>7C80AC7E
7/26/2012 11:01:10 PM IAT modification detected: GetModuleFileNameA - 00B90080<>7C80B56F
7/26/2012 11:01:10 PM IAT modification detected: CreateProcessA - 00B90010<>7C80236B
7/26/2012 11:01:10 PM Analysis: kernel32.dll, export table found in section .text
7/26/2012 11:01:10 PM 1.1 Searching for user-mode API hooks
7/26/2012 11:01:10 PM System Restore: enabled
7/26/2012 11:01:10 PM Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 3"
7/26/2012 11:01:10 PM Main script of analysis
7/26/2012 11:01:08 PM Task started Gathering system information
Gathering system information: completed 3 minutes ago (events: 120, time: 00:08:04)
7/26/2012 11:19:13 PM Task completed Gathering system information
7/26/2012 11:19:12 PM Main script of analysis
7/26/2012 11:19:11 PM Deleting service/driver: uji5mjix
7/26/2012 11:19:11 PM Delete file:C:\WINDOWS\system32\Drivers\uti5mjix.sys
7/26/2012 11:19:11 PM [microprogram of healing]> registry key deleted HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uti5mjix
7/26/2012 11:19:11 PM Deleting service/driver: uti5mjix
7/26/2012 11:19:11 PM System Analysis - complete
7/26/2012 11:14:03 PM System Analysis in progress
7/26/2012 11:13:59 PM >> Disable removable media autorun
7/26/2012 11:13:59 PM >> Disable CD/DVD autorun
7/26/2012 11:13:59 PM >> Disable autorun from network drives
7/26/2012 11:13:59 PM >> Disable HDD autorun
7/26/2012 11:13:53 PM >> Security: sending Remote Assistant queries is enabled
7/26/2012 11:13:53 PM >> Security: anonymous user access is enabled
7/26/2012 11:13:53 PM >> Security: administrative shares (C$, D$ ...) are enabled
7/26/2012 11:13:53 PM >> Security: disk drives' autorun is enabled
7/26/2012 11:13:53 PM > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
7/26/2012 11:13:53 PM >> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
7/26/2012 11:13:53 PM >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
7/26/2012 11:13:53 PM >> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
7/26/2012 11:13:53 PM >> Services: potentially dangerous service allowed: TlntSvr ()
7/26/2012 11:13:53 PM >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
7/26/2012 11:13:53 PM >> Services: potentially dangerous service allowed: TermService (Terminal Services)
7/26/2012 11:12:26 PM Checking - complete
7/26/2012 11:12:26 PM Driver loaded successfully
7/26/2012 11:12:26 PM 1.5 Checking of IRP handlers
7/26/2012 11:12:26 PM Checking not performed: extended monitoring driver (AVZPM) is not installed
7/26/2012 11:12:26 PM 1.4 Searching for masking processes and drivers
7/26/2012 11:12:21 PM Checking IDT and SYSENTER - complete
7/26/2012 11:12:21 PM Disable callback - уже нейтрализованы
7/26/2012 11:12:21 PM CmpCallCallBacks = 00093D84
7/26/2012 11:12:21 PM Analysis for CPU 2
7/26/2012 11:12:21 PM Analysis for CPU 1
7/26/2012 11:12:21 PM 1.3 Checking IDT and SYSENTER
7/26/2012 11:12:21 PM Functions checked: 284, intercepted: 19, restored: 19
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtTerminateProcess (101) intercepted (805D2982->F7C28E67), hook not defined
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtSystemDebugControl (FF) intercepted (80617792->F7C28EDA), hook not defined
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtSetValueKey (F7) intercepted (80621D3A->F7C28E80), hook not defined
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtSetSecurityObject (ED) intercepted (805C05DA->F7C28ED5), hook not defined
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtSetContextThread (D5) intercepted (805D16F4->F7C28ECB), hook not defined
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtRestoreKey (CC) intercepted (806251A8->F7C28E8F), hook not defined
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtRequestWaitReplyPort (C8) intercepted (805A2D3C->F7C28ED0), hook not defined
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtReplaceKey (C1) intercepted (8062589C->F7C28E94), hook not defined
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtQueryValueKey (B1) intercepted (806219EC->F7C28EDF), hook not defined
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtOpenThread (80) intercepted (805CB686->F7C28E5D), hook not defined
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtOpenProcess (7A) intercepted (805CB3FA->F7C28E58), hook not defined
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtLoadKey (62) intercepted (806259EC->F7C28E8A), hook not defined
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtDuplicateObject (44) intercepted (805BDFB4->F7C28EB7), hook not defined
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtDeleteValueKey (41) intercepted (80623E34->F7C28E85), hook not defined
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtDeleteKey (3F) intercepted (80623C64->F7C28E7B), hook not defined
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtCreateThread (35) intercepted (805D0FD2->F7C28E6C), hook not defined
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtCreateSection (32) intercepted (805AB38E->F7C28EC6), hook not defined
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtCreateKey (29) intercepted (806237C8->F7C28E76), hook not defined
7/26/2012 11:12:19 PM >>> Hook code blocked
7/26/2012 11:12:19 PM >>> Function restored successfully !
7/26/2012 11:12:19 PM Function NtClose (19) intercepted (805BC4DC->F7C28EBC), hook not defined
7/26/2012 11:12:19 PM KiST = 8050446C (284)
7/26/2012 11:12:19 PM SDT = 8055C700
7/26/2012 11:12:19 PM Kernel ntkrnlpa.exe found in memory at address 804D7000
7/26/2012 11:12:19 PM SDT found (RVA=085700)
7/26/2012 11:12:19 PM Driver loaded successfully
7/26/2012 11:12:14 PM 1.2 Searching for kernel-mode API hooks
7/26/2012 11:12:00 PM Analysis: netapi32.dll, export table found in section .text
7/26/2012 11:11:57 PM Analysis: urlmon.dll, export table found in section .text
7/26/2012 11:11:57 PM Analysis: rasapi32.dll, export table found in section .text
7/26/2012 11:11:56 PM Analysis: wininet.dll, export table found in section .text
7/26/2012 11:11:56 PM Analysis: ws2_32.dll, export table found in section .text
7/26/2012 11:11:56 PM Analysis: advapi32.dll, export table found in section .text
7/26/2012 11:11:56 PM Analysis: user32.dll, export table found in section .text
7/26/2012 11:11:55 PM Analysis: ntdll.dll, export table found in section .text
7/26/2012 11:11:55 PM IAT modification detected: GetProcAddress - 00B90390<>7C80AE40
7/26/2012 11:11:55 PM IAT modification detected: LoadLibraryA - 00B90320<>7C801D7B
7/26/2012 11:11:55 PM IAT modification detected: LoadLibraryW - 00B902B0<>7C80AEEB
7/26/2012 11:11:55 PM IAT modification detected: CreateProcessW - 00B901D0<>7C802336
7/26/2012 11:11:55 PM IAT modification detected: GetModuleFileNameW - 00B90160<>7C80B475
7/26/2012 11:11:55 PM IAT modification detected: FreeLibrary - 00B900F0<>7C80AC7E
7/26/2012 11:11:55 PM IAT modification detected: GetModuleFileNameA - 00B90080<>7C80B56F
7/26/2012 11:11:55 PM IAT modification detected: CreateProcessA - 00B90010<>7C80236B
7/26/2012 11:11:55 PM Analysis: kernel32.dll, export table found in section .text
7/26/2012 11:11:55 PM 1.1 Searching for user-mode API hooks
7/26/2012 11:11:52 PM System Restore: enabled
7/26/2012 11:11:52 PM Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 3"
7/26/2012 11:11:49 PM Main script of analysis
7/26/2012 11:11:09 PM Task started Gathering system information

Edited by richclan, 26 July 2012 - 09:25 PM.

#12
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Looks good. Please run the following fix, then scan:

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on Posted Image on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
      	
    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#13
richclan

    Member

  • Topic Starter
  • Member
  • 180 posts
here's the 1st one
All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Sydney G\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sydney G\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Sydney G\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sydney G\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Sydney G\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sydney G\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Sydney G\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sydney G\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Sydney G\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sydney G\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes

User: All Users

User: CDR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2075 bytes
->FireFox cache emptied: 20222440 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: Sydney G
->Temp folder emptied: 7679902 bytes
->Temporary Internet Files folder emptied: 1994214 bytes
->FireFox cache emptied: 193567063 bytes
->Flash cache emptied: 6278 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 134470 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 423256995 bytes

Total Files Cleaned = 617.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: CDR

User: Default User

User: Guest

User: LocalService

User: NetworkService

User: Owner

User: Sydney G

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: CDR

User: Default User

User: Guest

User: LocalService

User: NetworkService

User: Owner

User: Sydney G
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07272012_120019

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

quick scan txt

OTL logfile created on: 7/27/2012 12:24:12 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Sydney G\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 534.81 Mb Available Physical Memory | 52.72% Memory free
2.39 Gb Paging File | 1.92 Gb Available in Paging File | 80.57% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.74 Gb Total Space | 19.18 Gb Free Space | 49.50% Space Free | Partition Type: NTFS
Drive D: | 11.94 Gb Total Space | 11.88 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 1.08 Gb Free Space | 28.97% Space Free | Partition Type: FAT32

Computer Name: RICHFAMILY | User Name: Sydney G | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/20 19:11:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sydney G\Desktop\OTL.exe
PRC - [2012/07/13 20:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/04 19:08:08 | 001,607,040 | ---- | M] (IObit) -- C:\Smart Defrag 2\SmartDefrag.exe
PRC - [2012/01/31 08:57:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/01/31 08:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/24 17:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/13 20:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/31 08:57:08 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Smart Defrag 2\NtfsData.dll
MOD - [2011/05/26 15:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2005/12/19 09:08:30 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/26 19:53:37 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 20:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/01/31 08:57:31 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/01/31 08:57:31 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/05/06 18:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/07/16 11:29:33 | 000,017,432 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2006/08/11 18:18:18 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/02 13:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/10/14 09:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 09:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 09:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/05 10:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/21 21:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 21:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 21:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/09 11:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.co...nType=TB50TRie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {1C821014-B238-4CFD-89EB-34E64FAFA3B3}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1C821014-B238-4CFD-89EB-34E64FAFA3B3}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{885793DE-DF8F-4C29-A31C-78FA75A7A467}: "URL" = http://www.google.co...1I7DKUS_enUS448
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/26 19:05:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/07/25 12:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sydney G\Application Data\Mozilla\Extensions
[2012/07/26 11:30:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sydney G\Application Data\Mozilla\Firefox\Profiles\stt8y5dg.default\extensions
[2012/07/25 12:02:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/25 13:20:32 | 000,330,316 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SYDNEY G\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\STT8Y5DG.DEFAULT\EXTENSIONS\[email protected]
[2012/07/13 20:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/13 20:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/13 20:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/27 12:00:29 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1343346011046 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macrom...abs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AE07B3F-243E-46AA-B5D5-57D3B1ED6E21}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sydney G\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sydney G\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/13 16:39:18 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/27 10:21:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/26 23:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sydney G\Application Data\Avira
[2012/07/26 23:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/07/26 23:03:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/07/26 23:03:43 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/07/26 23:03:42 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/07/26 23:03:42 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/07/26 23:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/07/26 23:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/07/26 20:49:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/07/26 20:16:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/07/26 19:27:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/26 17:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/07/26 16:53:55 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/26 11:24:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/26 11:23:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/26 11:23:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/26 11:23:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/26 11:23:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/26 11:22:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/26 11:22:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/26 11:21:34 | 004,719,912 | R--- | C] (Swearware) -- C:\Documents and Settings\Sydney G\Desktop\ComboFix.exe
[2012/07/25 19:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sydney G\Local Settings\Application Data\Wildtangent
[2012/07/25 17:03:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sydney G\Local Settings\Application Data\MigWiz
[2012/07/25 17:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Easy Transfer 7
[2012/07/25 17:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sydney G\Local Settings\Application Data\Coupon Companion
[2012/07/25 17:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Companion
[2012/07/25 12:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sydney G\My Documents\Downloads
[2012/07/25 12:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sydney G\Local Settings\Application Data\Mozilla
[2012/07/25 12:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sydney G\Application Data\Mozilla
[2012/07/25 12:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/25 12:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/07/25 12:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/07/25 11:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sydney G\Application Data\IObit
[2012/07/21 01:46:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2012/07/20 22:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\XP Registry Cleaner
[2012/07/20 22:12:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPToolsLicenseComponent
[2012/07/20 22:12:16 | 000,000,000 | ---D | C] -- C:\XP Registry Cleaner
[2012/07/20 22:07:58 | 000,029,528 | ---- | C] (IObit) -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2012/07/20 22:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
[2012/07/20 22:07:03 | 000,000,000 | ---D | C] -- C:\Smart Defrag 2
[2012/07/20 22:06:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sydney G\Start Menu\Programs\Administrative Tools
[2012/07/20 21:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sydney G\Application Data\AVS4YOU
[2012/07/20 21:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2012/07/20 21:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sydney G\Start Menu\Programs\AVS4YOU
[2012/07/20 21:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2012/07/20 21:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVS4YOU
[2012/07/20 21:49:09 | 000,000,000 | ---D | C] -- C:\AVSMediaPlayer
[2012/07/20 21:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2012/07/20 19:11:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sydney G\Desktop\OTL.exe
[2012/07/20 12:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sydney G\Start Menu\Programs\CleanUp!
[2012/07/20 12:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!

========== Files - Modified Within 30 Days ==========

[2012/07/27 12:06:44 | 000,404,428 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/27 12:06:44 | 000,063,274 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/27 12:02:43 | 000,000,246 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012/07/27 12:02:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/27 12:00:29 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/07/27 11:56:03 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/27 11:53:24 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/27 11:52:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/26 23:04:30 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/07/26 20:56:28 | 141,457,000 | ---- | M] () -- C:\Documents and Settings\Sydney G\Desktop\setup_11.0.0.1245.x01_2012_07_27_03_02.exe
[2012/07/26 20:50:26 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/07/26 20:50:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/26 12:25:21 | 003,876,627 | ---- | M] () -- C:\Documents and Settings\Sydney G\Desktop\dellservice.zip
[2012/07/26 12:24:47 | 003,832,540 | ---- | M] () -- C:\Documents and Settings\Sydney G\Desktop\dellmanual.zip
[2012/07/26 11:24:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/07/26 11:21:38 | 004,719,912 | R--- | M] (Swearware) -- C:\Documents and Settings\Sydney G\Desktop\ComboFix.exe
[2012/07/25 12:02:50 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Sydney G\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/25 12:02:50 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/20 22:15:32 | 069,734,980 | ---- | M] () -- C:\Documents and Settings\Sydney G\Desktop\first.reg
[2012/07/20 22:12:17 | 000,000,608 | ---- | M] () -- C:\Documents and Settings\Sydney G\Desktop\XP Registry Cleaner.lnk
[2012/07/20 22:07:05 | 000,000,597 | ---- | M] () -- C:\Documents and Settings\Sydney G\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2012/07/20 22:07:05 | 000,000,579 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2012/07/20 21:59:09 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Sydney G\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/20 21:51:28 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\Sydney G\Desktop\AVS4YOU Software Navigator.lnk
[2012/07/20 21:51:08 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\Sydney G\Desktop\AVS Video Converter.lnk
[2012/07/20 21:50:19 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\Sydney G\Desktop\AVS Media Player.lnk
[2012/07/20 19:11:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sydney G\Desktop\OTL.exe
[2012/07/20 18:58:19 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Sydney G\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/20 13:05:41 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Sydney G\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/07/20 12:45:16 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Sydney G\Desktop\CleanUp!.lnk

========== Files Created - No Company Name ==========

[2012/07/27 10:08:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/27 10:08:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/07/26 23:04:30 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/07/26 20:53:35 | 141,457,000 | ---- | C] () -- C:\Documents and Settings\Sydney G\Desktop\setup_11.0.0.1245.x01_2012_07_27_03_02.exe
[2012/07/26 12:23:06 | 003,832,540 | ---- | C] () -- C:\Documents and Settings\Sydney G\Desktop\dellmanual.zip
[2012/07/26 12:22:47 | 003,876,627 | ---- | C] () -- C:\Documents and Settings\Sydney G\Desktop\dellservice.zip
[2012/07/26 11:24:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/07/26 11:24:56 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/26 11:23:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/26 11:23:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/26 11:23:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/26 11:23:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/26 11:23:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/25 17:02:19 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Easy Transfer for Windows 7.lnk
[2012/07/25 12:02:50 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Sydney G\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/25 12:02:50 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/25 12:02:49 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/20 22:15:19 | 069,734,980 | ---- | C] () -- C:\Documents and Settings\Sydney G\Desktop\first.reg
[2012/07/20 22:12:17 | 000,000,608 | ---- | C] () -- C:\Documents and Settings\Sydney G\Desktop\XP Registry Cleaner.lnk
[2012/07/20 22:07:58 | 000,000,246 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012/07/20 22:07:06 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012/07/20 22:07:05 | 000,000,597 | ---- | C] () -- C:\Documents and Settings\Sydney G\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Defrag 2.lnk
[2012/07/20 22:07:05 | 000,000,579 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
[2012/07/20 21:51:08 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\Sydney G\Desktop\AVS Video Converter.lnk
[2012/07/20 21:50:37 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\Sydney G\Desktop\AVS4YOU Software Navigator.lnk
[2012/07/20 21:50:19 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\Sydney G\Desktop\AVS Media Player.lnk
[2012/07/20 18:43:11 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/20 14:09:03 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Sydney G\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/20 13:05:41 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Sydney G\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/07/20 12:45:16 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\Sydney G\Desktop\CleanUp!.lnk
[2011/09/09 11:43:19 | 000,000,621 | R--- | C] () -- C:\WINDOWS\System32\hppapr09.dat
[2011/08/31 09:15:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/10/12 06:15:22 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Sydney G\Local Settings\Application Data\fusioncache.dat
[2007/02/20 22:01:45 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== LOP Check ==========

[2008/05/13 16:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/09/10 10:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/09/01 07:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/07/25 11:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sydney G\Application Data\IObit
[2011/09/12 13:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sydney G\Application Data\Leadertech
[2012/07/27 12:02:43 | 000,000,246 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job

========== Purity Check ==========



< End of report >

Edited by richclan, 27 July 2012 - 10:34 AM.

  • 0

#14
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. I see you've installed antivirus and updated Windows to SP3. You probably also deleted some unneeded files and uninstalled some programs, as I now see much more free space on the system partition. That's good.

So please tell me how your computer is running now and what problems remain.
  • 0

#15
richclan

richclan

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
You did a great job, I think it's all good. I just need to get a battery and a "z" key for it.
My wife will be happy to get it finally.
Again, thanks for taking the time to help me out.
I guess that's it? Right!
  • 0
