Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

INFECTED Win32:Hrupka-D and...

Started by blah12 , Sep 13 2012 10:30 PM

This topic is locked

#16
blah12

Posted 18 September 2012 - 07:43 PM

Member

Topic Starter
Member
32 posts

FFS:

Farbar Service Scanner Version: 06-08-2012
Ran by Chris (administrator) on 18-09-2012 at 21:33:09
Running from "C:\Documents and Settings\Chris\Desktop"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2005-08-16 05:18] - [2004-08-10 06:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2005-08-16 05:18] - [2004-08-10 06:00] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C

C:\WINDOWS\system32\Drivers\ipsec.sys
[2005-08-16 05:18] - [2004-08-10 06:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2005-08-16 05:18] - [2004-08-10 06:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\WINDOWS\system32\ipnathlp.dll
[2005-08-16 05:18] - [2004-08-10 06:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2005-08-16 05:18] - [2004-08-10 06:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2005-08-16 05:37] - [2004-08-10 06:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2005-08-16 05:40] - [2004-08-10 06:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2005-08-16 05:40] - [2004-08-10 06:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2005-08-16 05:18] - [2004-08-10 06:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2005-08-16 05:37] - [2004-08-10 06:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2005-08-16 05:40] - [2004-08-10 06:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2005-08-16 05:40] - [2004-08-10 06:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2005-08-16 05:18] - [2004-08-10 06:00] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63

C:\WINDOWS\system32\cryptsvc.dll
[2005-08-16 05:18] - [2004-08-10 06:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2005-08-16 05:18] - [2004-08-10 06:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2005-08-16 05:18] - [2004-08-10 06:00] - 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680

C:\WINDOWS\system32\services.exe
[2005-08-16 05:18] - [2004-08-10 06:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4

Extra List:
=======
AegisP(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) s24trans(8) Tcpip(3)
0x09000000040000000100000002000000030000000500000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

#17
Dakeyras

Posted 19 September 2012 - 03:21 AM

Anti-Malware Mammoth

Expert
9,772 posts

Hi.

the internet connectivity issue seems to have gone away on it's own. prior to following the steps from post 11.

Good.

and is there supposed to be a log for CHKDSK?

No there is not per-say nor do I need to review such. Though technically there may be some form of actual log pertaining in say the Event Viewer.

Probably be a good idea to perform such in-depth maintenance say at least once per month.

Anyway before we go any further I would like to review the current status of your machine as follows...

Re-scan with OTL:

Please delete your current version of OTL(if still present) then download a updated version of OTL and save it to your Desktop.

Alternate downloads are here and here.

Double-click on OTL.exe to start OTL.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.

#18
blah12

Posted 19 September 2012 - 09:52 AM

Member

Topic Starter
Member
32 posts

OTL

OTL logfile created on: 9/19/2012 11:32:04 AM - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 574.53 Mb Available Physical Memory | 56.20% Memory free
2.40 Gb Paging File | 2.05 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.58 Gb Total Space | 73.90 Gb Free Space | 85.36% Space Free | Partition Type: NTFS

Computer Name: DDXXQ1B1 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Chris\Local Settings\Temp\clclean.0001 (Macrovision Europe Ltd.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\NetWaiting\netwaiting.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Chris\Local Settings\Temp\clclean.0001.dir.0001\~df394b.tmp ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\WINDOWS\system32\CTMBHA.DLL ()
MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\qcap.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\NetWaiting\netwaiting.exe ()
MOD - C:\Program Files\Creative\VoiceCenter\AEWave.ax ()

========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (WLANKEEPER) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/18 02:56:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/18 02:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2012/09/18 02:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/17 15:43:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BuildBU] c:\dell\bldbubg.exe ()
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03C02C4E-EFB1-445B-8BBE-D35D513ECBB1}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/19 11:31:10 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2012/09/18 19:31:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/18 19:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\New Folder (3)
[2012/09/18 19:26:53 | 000,693,235 | ---- | C] (Farbar) -- C:\Documents and Settings\Chris\Desktop\FSS.exe
[2012/09/18 19:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\9-18-2012
[2012/09/18 19:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/09/18 19:07:25 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Chris\Desktop\erunt-setup.exe
[2012/09/18 16:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\My eBooks
[2012/09/18 03:33:40 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/09/18 03:33:40 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/09/18 02:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Mozilla
[2012/09/18 02:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/18 02:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/18 02:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2012/09/18 02:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\McAfee.com Personal Firewall
[2012/09/18 02:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2012/09/18 02:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/09/18 02:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2012/09/18 02:19:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/18 02:18:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\wt
[2012/09/18 02:18:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2012/09/17 22:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\UserData
[2012/09/17 19:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\New Folder (2)
[2012/09/17 15:44:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/09/17 15:38:09 | 000,000,000 | ---D | C] -- C:\cmdcons
[2012/09/17 15:36:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/17 15:36:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/09/17 15:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\9-17-2012
[2012/09/17 15:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/09/17 15:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\New Folder
[2012/09/17 11:06:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Videos
[2012/09/16 12:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/09/14 02:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Adobe
[2012/09/14 02:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Adobe
[2012/09/14 02:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/09/13 22:32:04 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/09/13 20:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)
[2012/09/13 19:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2012/09/13 19:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/13 19:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/13 14:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2012/09/13 14:02:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Application Data\Gtek
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Macromedia
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Intel
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Identities
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Corel
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\ATI
[2012/09/13 14:02:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Chris\Application Data\Microsoft
[2012/09/13 14:02:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Chris\Cookies
[2012/09/13 14:02:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Application Data
[2012/09/13 14:02:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Favorites
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Sun
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Musicmatch
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\BVRP Software
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\ATI
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\ApplicationHistory
[2012/09/13 14:02:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\SendTo
[2012/09/13 14:02:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Startup
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Pictures
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Music
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Accessories
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Templates
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\PrintHood
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\NetHood
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Local Settings
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Wildtangent
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\VoiceCenter
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Dell Accessories
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Dell
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2012/09/13 13:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/13 13:33:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/09/13 13:25:33 | 017,790,056 | ---- | C] (Mozilla) -- C:\Documents and Settings\Chris\Desktop\Firefox Setup 15.0.1.exe
[2012/09/13 13:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Downloads
[2012/09/13 13:20:01 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/09/13 13:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla
[2012/09/13 13:10:22 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/19 11:31:11 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2012/09/19 11:19:30 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/19 11:19:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/19 11:19:20 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/18 19:26:54 | 000,693,235 | ---- | M] (Farbar) -- C:\Documents and Settings\Chris\Desktop\FSS.exe
[2012/09/18 19:23:56 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\NTREGOPT.lnk
[2012/09/18 19:23:56 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\ERUNT.lnk
[2012/09/18 19:07:26 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Chris\Desktop\erunt-setup.exe
[2012/09/18 03:33:40 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/09/18 03:33:40 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/09/18 02:56:02 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/18 02:56:02 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/18 01:42:45 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/18 01:09:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/18 00:57:52 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Chris\NTUSER.bak
[2012/09/17 23:10:58 | 000,058,493 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\483280_4692075105148_390495594_n.jpg
[2012/09/17 15:43:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/09/14 02:50:27 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2012/09/14 00:51:42 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/09/14 00:51:42 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/09/13 20:04:12 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\housecall.guid.cache
[2012/09/13 14:48:53 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Avast Results.bmp
[2012/09/13 14:02:46 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2012/09/13 14:02:34 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/13 14:02:28 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Windows Media Player.lnk
[2012/09/13 14:02:26 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/09/13 14:01:11 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/09/13 14:01:06 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2012/09/13 14:01:06 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2012/09/13 13:59:22 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/09/13 13:32:29 | 093,654,616 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\avast_free_antivirus_setup.exe
[2012/09/13 13:26:31 | 017,790,056 | ---- | M] (Mozilla) -- C:\Documents and Settings\Chris\Desktop\Firefox Setup 15.0.1.exe
[2012/09/13 13:18:53 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2012/09/13 13:07:46 | 000,382,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/13 13:07:46 | 000,053,838 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/18 19:23:56 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\NTREGOPT.lnk
[2012/09/18 19:23:56 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ERUNT.lnk
[2012/09/18 02:56:02 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/18 02:56:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/18 02:56:02 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/18 02:26:45 | 1072,103,424 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/17 23:10:57 | 000,058,493 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\483280_4692075105148_390495594_n.jpg
[2012/09/17 15:38:12 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/09/17 15:38:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/14 02:50:27 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2012/09/14 00:51:42 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/09/14 00:51:42 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/09/13 20:04:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\housecall.guid.cache
[2012/09/13 14:48:52 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Avast Results.bmp
[2012/09/13 14:02:28 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Windows Media Player.lnk
[2012/09/13 14:02:08 | 000,002,007 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2012/09/13 14:02:08 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro X.lnk
[2012/09/13 14:02:08 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2012/09/13 14:02:08 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/09/13 14:02:08 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/13 14:02:08 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/09/13 14:02:07 | 000,001,298 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Media Center.lnk
[2012/09/13 14:02:07 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/09/13 14:02:06 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2012/09/13 14:02:05 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Remote Assistance.lnk
[2012/09/13 14:02:05 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Windows Media Player.lnk
[2012/09/13 14:02:05 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Internet Explorer.lnk
[2012/09/13 14:02:05 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Outlook Express.lnk
[2012/09/13 14:01:59 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\Chris\NTUSER.bak
[2012/09/13 13:59:22 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/09/13 13:34:38 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/13 13:26:36 | 093,654,616 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\avast_free_antivirus_setup.exe
[2012/09/13 13:18:53 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/24 10:50:06 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

========== ZeroAccess Check ==========

[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

< End of report >

#19
blah12

Posted 19 September 2012 - 09:53 AM

Member

Topic Starter
Member
32 posts

Extras

OTL Extras logfile created on: 9/19/2012 11:32:04 AM - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 574.53 Mb Available Physical Memory | 56.20% Memory free
2.40 Gb Paging File | 2.05 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.58 Gb Total Space | 73.90 Gb Free Space | 85.36% Space Free | Partition Type: NTFS

Computer Name: DDXXQ1B1 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06040048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Encyclopedia Standard 2006
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0D251F37-10CB-46DF-BFA0-4702218DB0B6}" = ATI Catalyst Control Center
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PictureItPrem_v11" = Microsoft Digital Image Standard 2006
"ProInst" = Intel® PROSet/Wireless Software
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/14/2012 12:43:00 AM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/14/2012 12:45:43 AM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/14/2012 12:47:03 AM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/14/2012 12:48:19 AM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/14/2012 12:54:40 AM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/14/2012 1:28:19 AM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/14/2012 12:12:30 PM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/14/2012 12:13:49 PM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/14/2012 12:16:32 PM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/14/2012 12:16:32 PM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 9/13/2012 7:52:01 PM | Computer Name = DDXXQ1B1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/13/2012 7:52:43 PM | Computer Name = DDXXQ1B1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 APPDRV aswSP aswTdi Fips intelppm

Error - 9/13/2012 9:38:56 PM | Computer Name = DDXXQ1B1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 9/13/2012 11:30:03 PM | Computer Name = DDXXQ1B1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/13/2012 11:32:33 PM | Computer Name = DDXXQ1B1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/18/2012 12:22:27 AM | Computer Name = DDXXQ1B1 | Source = Service Control Manager | ID = 7031
Description = The Media Center Extender Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.

Error - 9/18/2012 12:22:31 AM | Computer Name = DDXXQ1B1 | Source = Service Control Manager | ID = 7034
Description = The MBAMScheduler service terminated unexpectedly. It has done this
1 time(s).

Error - 9/18/2012 12:32:30 AM | Computer Name = DDXXQ1B1 | Source = Service Control Manager | ID = 7034
Description = The MBAMScheduler service terminated unexpectedly. It has done this
1 time(s).

Error - 9/18/2012 12:32:49 AM | Computer Name = DDXXQ1B1 | Source = Service Control Manager | ID = 7034
Description = The Creative Labs Licensing Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/18/2012 12:32:53 AM | Computer Name = DDXXQ1B1 | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

< End of report >

#20
Dakeyras

Posted 19 September 2012 - 01:36 PM

Anti-Malware Mammoth

Expert
9,772 posts

Hi.

Please bare with me as I need to seek a second opinion about something from a well respected colleague OK. This is not a cause for concern I will further add, merely view it as myself ensuring I can provide the best Anti-Malware support for your machine/good self overall.

I will reply back with the next course of action in due course.

#21
Dakeyras

Posted 21 September 2012 - 02:01 AM

Anti-Malware Mammoth

Expert
9,772 posts

Hi.

My apologies for the delay, lets proceed as follows shall we...

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and and copy and paste in:

"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\gtg-backup

and click on OK.

Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.

Reset SP2 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK

firewall.cpl

Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select On(recommended) >> OK.

StartUpLite:

Please download this small application from here.

It is very simple to use and quite effective and will advise about any unnecessary system startups that can be safely removed.

Re-scan with OTL:

OTL has been updated again, so please follow my prior instructions in post #17 and in turn post back a new set of logs, thank you.

#22
blah12

Posted 21 September 2012 - 09:33 AM

Member

Topic Starter
Member
32 posts

it ok. just glad that you can help.

OTL:

OTL logfile created on: 9/21/2012 9:08:38 AM - Run 2
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 594.56 Mb Available Physical Memory | 58.16% Memory free
2.40 Gb Paging File | 2.06 Gb Available in Paging File | 85.84% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.58 Gb Total Space | 74.27 Gb Free Space | 85.79% Space Free | Partition Type: NTFS

Computer Name: DDXXQ1B1 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Chris\Local Settings\Temp\clclean.0001 (Macrovision Europe Ltd.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\NetWaiting\netwaiting.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Chris\Local Settings\Temp\clclean.0001.dir.0002\~df394b.tmp ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\WINDOWS\system32\CTMBHA.DLL ()
MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\qcap.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\NetWaiting\netwaiting.exe ()
MOD - C:\Program Files\Creative\VoiceCenter\AEWave.ax ()

========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (WLANKEEPER) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1089046729-4143719759-2789621759-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-21-1089046729-4143719759-2789621759-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/18 02:56:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/18 02:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2012/09/21 08:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\o5mcsl8r.default\extensions
[2012/09/18 02:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/17 15:43:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BuildBU] c:\dell\bldbubg.exe ()
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKU\S-1-5-21-1089046729-4143719759-2789621759-1005..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1089046729-4143719759-2789621759-1005..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-1089046729-4143719759-2789621759-1005..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1089046729-4143719759-2789621759-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03C02C4E-EFB1-445B-8BBE-D35D513ECBB1}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/21 08:59:10 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\Chris\Desktop\startuplite-setup-1.07.exe
[2012/09/19 11:31:10 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2012/09/18 19:31:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/18 19:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\New Folder (3)
[2012/09/18 19:26:53 | 000,693,235 | ---- | C] (Farbar) -- C:\Documents and Settings\Chris\Desktop\FSS.exe
[2012/09/18 19:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\9-18-2012
[2012/09/18 19:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/09/18 19:07:25 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Chris\Desktop\erunt-setup.exe
[2012/09/18 16:22:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\My eBooks
[2012/09/18 03:33:40 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/09/18 03:33:40 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/09/18 02:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Mozilla
[2012/09/18 02:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/18 02:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/18 02:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2012/09/18 02:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\McAfee.com Personal Firewall
[2012/09/18 02:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2012/09/18 02:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/09/18 02:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2012/09/18 02:19:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/18 02:18:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\wt
[2012/09/18 02:18:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2012/09/17 22:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\UserData
[2012/09/17 19:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\New Folder (2)
[2012/09/17 15:44:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/09/17 15:38:09 | 000,000,000 | ---D | C] -- C:\cmdcons
[2012/09/17 15:36:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/17 15:36:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/09/17 15:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\9-17-2012
[2012/09/17 15:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/09/17 15:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\New Folder
[2012/09/17 11:06:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Videos
[2012/09/16 12:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/09/14 02:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Adobe
[2012/09/14 02:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Adobe
[2012/09/14 02:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/09/13 22:32:04 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/09/13 20:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)
[2012/09/13 19:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2012/09/13 19:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/13 19:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/13 14:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2012/09/13 14:02:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Application Data\Gtek
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Macromedia
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Intel
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Identities
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Corel
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\ATI
[2012/09/13 14:02:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Chris\Application Data\Microsoft
[2012/09/13 14:02:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Chris\Cookies
[2012/09/13 14:02:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Application Data
[2012/09/13 14:02:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Favorites
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Sun
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Musicmatch
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\BVRP Software
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\ATI
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\ApplicationHistory
[2012/09/13 14:02:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\SendTo
[2012/09/13 14:02:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Startup
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Pictures
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Music
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Accessories
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Templates
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\PrintHood
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\NetHood
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Local Settings
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Wildtangent
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\VoiceCenter
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Dell Accessories
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Dell
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2012/09/13 13:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/13 13:33:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/09/13 13:25:33 | 017,790,056 | ---- | C] (Mozilla) -- C:\Documents and Settings\Chris\Desktop\Firefox Setup 15.0.1.exe
[2012/09/13 13:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Downloads
[2012/09/13 13:20:01 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/09/13 13:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla
[2012/09/13 13:10:22 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/21 09:07:00 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2012/09/21 09:03:25 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/21 09:03:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/21 09:03:20 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/21 08:59:10 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\Chris\Desktop\startuplite-setup-1.07.exe
[2012/09/20 23:19:17 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/09/20 23:19:17 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Windows Media Player.lnk
[2012/09/20 23:17:25 | 009,781,284 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\01 My Cure (Rough Mix).mp3
[2012/09/18 19:26:54 | 000,693,235 | ---- | M] (Farbar) -- C:\Documents and Settings\Chris\Desktop\FSS.exe
[2012/09/18 19:23:56 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\NTREGOPT.lnk
[2012/09/18 19:23:56 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\ERUNT.lnk
[2012/09/18 19:07:26 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Chris\Desktop\erunt-setup.exe
[2012/09/18 03:33:40 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/09/18 03:33:40 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/09/18 02:56:02 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/18 02:56:02 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/18 01:42:45 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/18 01:09:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/18 00:57:52 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Chris\NTUSER.bak
[2012/09/17 23:10:58 | 000,058,493 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\483280_4692075105148_390495594_n.jpg
[2012/09/17 15:43:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/09/14 02:50:27 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2012/09/14 00:51:42 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/09/14 00:51:42 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/09/13 20:04:12 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\housecall.guid.cache
[2012/09/13 14:48:53 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Avast Results.bmp
[2012/09/13 14:02:46 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2012/09/13 14:02:34 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/13 14:02:26 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/09/13 14:01:11 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/09/13 14:01:06 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2012/09/13 14:01:06 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2012/09/13 13:59:22 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/09/13 13:32:29 | 093,654,616 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\avast_free_antivirus_setup.exe
[2012/09/13 13:26:31 | 017,790,056 | ---- | M] (Mozilla) -- C:\Documents and Settings\Chris\Desktop\Firefox Setup 15.0.1.exe
[2012/09/13 13:18:53 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2012/09/13 13:07:46 | 000,382,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/13 13:07:46 | 000,053,838 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/20 23:19:17 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/09/20 23:16:32 | 009,781,284 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\01 My Cure (Rough Mix).mp3
[2012/09/18 19:23:56 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\NTREGOPT.lnk
[2012/09/18 19:23:56 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ERUNT.lnk
[2012/09/18 02:56:02 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/18 02:56:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/18 02:56:02 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/18 02:26:45 | 1072,103,424 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/17 23:10:57 | 000,058,493 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\483280_4692075105148_390495594_n.jpg
[2012/09/17 15:38:12 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/09/17 15:38:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/14 02:50:27 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2012/09/14 00:51:42 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/09/14 00:51:42 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/09/13 20:04:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\housecall.guid.cache
[2012/09/13 14:48:52 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Avast Results.bmp
[2012/09/13 14:02:28 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Windows Media Player.lnk
[2012/09/13 14:02:08 | 000,002,007 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2012/09/13 14:02:08 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro X.lnk
[2012/09/13 14:02:08 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2012/09/13 14:02:08 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/09/13 14:02:08 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/13 14:02:08 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/09/13 14:02:07 | 000,001,298 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Media Center.lnk
[2012/09/13 14:02:07 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/09/13 14:02:06 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2012/09/13 14:02:05 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Remote Assistance.lnk
[2012/09/13 14:02:05 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Windows Media Player.lnk
[2012/09/13 14:02:05 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Internet Explorer.lnk
[2012/09/13 14:02:05 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Outlook Express.lnk
[2012/09/13 14:01:59 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\Chris\NTUSER.bak
[2012/09/13 13:59:22 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/09/13 13:34:38 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/13 13:26:36 | 093,654,616 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\avast_free_antivirus_setup.exe
[2012/09/13 13:18:53 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/24 10:50:06 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

========== ZeroAccess Check ==========

[2012/09/18 13:27:01 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Macromedia\Flash Player\#SharedObjects\7GCFCYJK\t.cxt.ms\lso.swf\u.sol
[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

< End of report >

#23
blah12

Posted 21 September 2012 - 09:34 AM

Member

Topic Starter
Member
32 posts

Extras:

OTL Extras logfile created on: 9/21/2012 9:08:38 AM - Run 2
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 594.56 Mb Available Physical Memory | 58.16% Memory free
2.40 Gb Paging File | 2.06 Gb Available in Paging File | 85.84% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.58 Gb Total Space | 74.27 Gb Free Space | 85.79% Space Free | Partition Type: NTFS

Computer Name: DDXXQ1B1 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1089046729-4143719759-2789621759-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06040048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Encyclopedia Standard 2006
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0D251F37-10CB-46DF-BFA0-4702218DB0B6}" = ATI Catalyst Control Center
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"ESPNMotion" = ESPNMotion
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PictureItPrem_v11" = Microsoft Digital Image Standard 2006
"ProInst" = Intel® PROSet/Wireless Software
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/14/2012 12:43:00 AM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/14/2012 12:45:43 AM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/14/2012 12:47:03 AM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/14/2012 12:48:19 AM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/14/2012 12:54:40 AM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/14/2012 1:28:19 AM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/14/2012 12:12:30 PM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/14/2012 12:13:49 PM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/14/2012 12:16:32 PM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: This operation returned because the timeout period expired.

Error - 9/14/2012 12:16:32 PM | Computer Name = DDXXQ1B1 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....9B6744A5E5.crt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 9/13/2012 7:52:01 PM | Computer Name = DDXXQ1B1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/13/2012 7:52:43 PM | Computer Name = DDXXQ1B1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 APPDRV aswSP aswTdi Fips intelppm

Error - 9/13/2012 9:38:56 PM | Computer Name = DDXXQ1B1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 9/13/2012 11:30:03 PM | Computer Name = DDXXQ1B1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/13/2012 11:32:33 PM | Computer Name = DDXXQ1B1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/18/2012 12:22:27 AM | Computer Name = DDXXQ1B1 | Source = Service Control Manager | ID = 7031
Description = The Media Center Extender Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.

Error - 9/18/2012 12:22:31 AM | Computer Name = DDXXQ1B1 | Source = Service Control Manager | ID = 7034
Description = The MBAMScheduler service terminated unexpectedly. It has done this
1 time(s).

Error - 9/18/2012 12:32:30 AM | Computer Name = DDXXQ1B1 | Source = Service Control Manager | ID = 7034
Description = The MBAMScheduler service terminated unexpectedly. It has done this
1 time(s).

Error - 9/18/2012 12:32:49 AM | Computer Name = DDXXQ1B1 | Source = Service Control Manager | ID = 7034
Description = The Creative Labs Licensing Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/18/2012 12:32:53 AM | Computer Name = DDXXQ1B1 | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

< End of report >

#24
Dakeyras

Posted 21 September 2012 - 01:21 PM

Anti-Malware Mammoth

Expert
9,772 posts

Hi.

it ok. just glad that you can help.

Thanks and a genuine pleasure to be of assistance....

Next:

Looks like a Anti-Virus application is no longer installed, so we will reinstall one in due course.

We will not be however not be using the installer that appears still to be present:-

C:\Documents and Settings\Chris\Desktop\avast_free_antivirus_setup.exe

Reason being it may be compromised/patched by malware and best to err on the side of caution I think.

Next:

The Adobe and Java related updates we will address in due course. As out of date installations pose a security risk. They can be used by malware as a means to infect a computer and or re-infect.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
Java 2 Runtime Environment, SE v1.4.2_03
Viewpoint Media Player
WildTangent Web Driver

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Custom OTL Script:

Double-click on OTL.exe to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
[2012/09/18 02:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2012/09/18 02:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\McAfee.com Personal Firewall
[2012/09/18 02:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2012/09/18 02:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/09/18 02:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2012/09/13 22:32:04 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/09/13 20:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Wildtangent
[2012/09/13 13:32:29 | 093,654,616 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\avast_free_antivirus_setup.exe
[2012/09/13 13:34:38 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/18 13:27:01 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Macromedia\Flash Player\#SharedObjects\7GCFCYJK\t.cxt.ms\lso.swf\u.sol
[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

:Files
ipconfig /flushdns /c
c:\windows\system32\URTTemp
c:\windows\wt
c:\documents and settings\Chris\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp
C:\Documents and Settings\Chris\Local Settings\Temp\clclean.0001.dir.0002\~df394b.tmp

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" =dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" =dword:00000001

:Commands
[Purity]
[ResetHosts]
[EmptyTemp]

Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and select then follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.

When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please post that log in your next reply.

The log can also be found here:

Launch Malwarebytes' Anti-Malware
Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download/Install a AV:

Download just one only of the two free anti-virus programs/installers listed below please:

Once installed >> Check for Updates again as a precaution >> Carry Out a Complete Scan. Have it fix anything it finds.

Note: Which ever you chose to install, if after the scan anything is detected in the C:\System Volume Information folder...

Do not remove as these will be actual infected System Restore points and even such can be of use if the need. We will flush & reset the aforementioned when we are finished/I give the all clear etc.

When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered?
OTL Log from the Custom Script.
Malwarebytes Anti-Malware Log.

#25
blah12

Posted 21 September 2012 - 03:40 PM

Member

Topic Starter
Member
32 posts

Malwarebytes did not detect anything. Avast found 7 errors but all 7 errors are C:\TDSSKiller_Quarantine. Avast could not fix/repair the files what should I do? It also labeled them as "high severity" and is calling some of them malware, and other things. Also the symptoms are persisting.

OTL:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
File C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\musicmatch.com\online\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
File E:\setup.exe not found.
C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall folder moved successfully.
C:\Documents and Settings\Chris\Application Data\McAfee.com Personal Firewall folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall\data\sports folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall\data folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall\Archive folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall folder moved successfully.
C:\Program Files\McAfee folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Cache folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent folder moved successfully.
C:\Documents and Settings\All Users\Application Data\McAfee.com folder moved successfully.
C:\VIPRERESCUE\Quarantine folder moved successfully.
C:\VIPRERESCUE\Definitions folder moved successfully.
C:\VIPRERESCUE folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\Updater(2)\AU_Data(2)\AU_Log(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\Updater(2)\AU_Data(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\Updater(2)\AUCache(2)\AU_Cache(2)\housecall-ctp-p.activeupdate.trendmicro(2).com folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\Updater(2)\AUCache(2)\AU_Cache(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\Updater(2)\AUCache(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\Updater(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\PrerequisiteChecker(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\Output(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\internal(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\HC_ATTK(2)\profile(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\HC_ATTK(2)\interface(2)\lib(2)\json(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\HC_ATTK(2)\interface(2)\lib(2)\jquery(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\HC_ATTK(2)\interface(2)\lib(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\HC_ATTK(2)\interface(2)\l10n(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\HC_ATTK(2)\interface(2)\js(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\HC_ATTK(2)\interface(2)\images(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\HC_ATTK(2)\interface(2)\html(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\HC_ATTK(2)\interface(2)\css(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\HC_ATTK(2)\interface(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2)\HC_ATTK(2) folder moved successfully.
C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit(2) folder moved successfully.
Folder C:\Documents and Settings\Chris\Local Settings\Application Data\Wildtangent\ not found.
C:\Documents and Settings\Chris\Desktop\avast_free_antivirus_setup.exe moved successfully.
C:\WINDOWS\tasks\avast! Emergency Update.job moved successfully.
C:\Documents and Settings\Chris\Application Data\Macromedia\Flash Player\#SharedObjects\7GCFCYJK\t.cxt.ms\lso.swf\u.sol moved successfully.
C:\WINDOWS\assembly\Desktop.ini moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Chris\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chris\Desktop\cmd.txt deleted successfully.
c:\windows\system32\URTTemp folder moved successfully.
File\Folder c:\windows\wt not found.
File\Folder c:\documents and settings\Chris\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp not found.
C:\Documents and Settings\Chris\Local Settings\Temp\clclean.0001.dir.0002\~df394b.tmp moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\"DisableMonitoring" |dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\"DisableMonitoring" |dword:00000001 /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Chris
->Temp folder emptied: 111183975 bytes
->Temporary Internet Files folder emptied: 528585 bytes
->FireFox cache emptied: 355167309 bytes
->Flash cache emptied: 11030 bytes

User: Default User
->Temp folder emptied: 59964 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 600576 bytes

Total Files Cleaned = 446.00 mb

OTL by OldTimer - Version 3.2.65.1 log created on 09212012_141438

Files\Folders moved on Reboot...
C:\Documents and Settings\Chris\Local Settings\Temp\clclean.0001.dir.0001\~df394b.tmp moved successfully.
C:\Documents and Settings\Chris\Local Settings\Temp\clclean.0001.dir.0001\~efe2.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#26
blah12

Posted 21 September 2012 - 03:41 PM

Member

Topic Starter
Member
32 posts

Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.21.09

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Chris :: DDXXQ1B1 [administrator]

Protection: Disabled

9/21/2012 2:25:59 PM
mbam-log-2012-09-21 (14-25-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201939
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#27
blah12

Posted 21 September 2012 - 11:21 PM

Member

Topic Starter
Member
32 posts

Avaast Labeled two of these files as Rootkits / two mal ware generators / a trojan / and there were two others but i would have to run the scan again to see what they are

i think one of them was called aulron or something like that, and another called b@mbr

i took no action, as they appear to be in quarantine from TSSDKiller, and AVAST could not repair the files.

As a side note. I am a bit concerned because prior to posting I followed the steps on the malware removal guide, and malwarebytes would not run. I would click on the scan icon and it would just lock up (I probably should have posted this symptom before; it didn't even occur to me until just now, and I apologize that I did not.) I followed the directions to get malwarebytes to run, but the program from avast linked on that page changed how my computer booted up.

I wish i knew the proper terminology to explain this properly, but originally the computer would boot up from DOS, and then another DOS screen would appear, and then after that it would start loading windows. After using the avast program (not the anti virus version of it, but to get malwarebytes to work) it changed the second DOS screen to something else (but still a DOS screen none the less.) Since running some fixes that screen has since gone away. Now the laptop only boots one DOS screen, and then starts loading windows.

My concern is that the second DOS screen was required to reinstall windows from the hard drive partion. Will we be able to recover that process or is it gone forever?

#28
Dakeyras

Posted 22 September 2012 - 06:00 AM

Anti-Malware Mammoth

Expert
9,772 posts

Hi.

i took no action, as they appear to be in quarantine from TSSDKiller, and AVAST could not repair the files.

Aye just ignore that(them) for now as when we actually remove all tools used they will be removed also.

OK I have a few questions before we proceed any further as follows...

1 - It appears your machine may be a Dell modal, if so please inform myself the exact modal.

2 - After invoking the Recovery Partition the last time did you afterwards use say either a Dell Resource CD-ROM or Driver and Utilities CD-ROM to update all drivers for your machine etc?

#29
blah12

Posted 22 September 2012 - 12:17 PM

Member

Topic Starter
Member
32 posts

1. it's a Dell Inspiron e1505 laptop
2. No CD ROM or utility to update the drivers.
- I use FL Studio which installs the AISO Driver audio driver, and it is normally on my computer, but after I reinstalled from the hard drive partition since I have visited the forum i did not reinstall any applications, only AVAST/Firefox/Malwarebytes/Adobe Flash Player and I tried to uninstall McAfee (it blocks intel PROset/wireless.) To the best of my memory these are the only changes I made right after reinstalling windows. No major changes to anything, or driver updates that I am aware of. No windows updates either.

#30
Dakeyras

Posted 22 September 2012 - 01:10 PM

Anti-Malware Mammoth

Expert
9,772 posts

Hi.

Thanks for the answers...

For the meantime please double check for me if you can invoke the Recovery Partition via:-

Reboot your machine and depress and hold the Ctrl key and tap on F11 >> If able to load/invoke do not use it and merely come back out of that and load Windows back into Normal Mode.

If still works via that methodology all good. If not we can look into checking what is stopping it from loading etc and see if we can repair that.

Next:

I still wish to get your machine both stable and malware free also.

Do not use IE at all for the time being as at present you only have IE6 which is way out of date and in all probability will not be working correctly anyway. So stick with using Mozilla Firefox for now as you have been.

Scan with RogueKiller:

Please download RogueKiller to your desktop

Alternate download is here.

Quit all running programs
Double-click on RogueKiller.exe to start the application.
Let the pre-scan complete, then click on Accept option when the disclaimer window appears.
Now click on the Scan tab back in the RogueKiller main window.
The RKreport.txt shall be generated next to the executable along with a zip file named RK_Quarantine.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.