Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Redirect virus and slow machine, can't run tdsskiller

Started by mppd20 , Oct 05 2012 01:43 AM

Please log in to reply

#1
mppd20

Posted 05 October 2012 - 01:43 AM

Member

Member
35 posts

I have tried about everything I know to try and remove this virus. I cannot run TDSSKILLER and I am having no luck getting it to run. I do not know when the virus attacked, but I know it made all of my files hidden and it currently will not let my firewall turn on. I have pasted the OTL. Thanks in advance.

OTL logfile created on: 10/5/2012 3:34:24 AM - Run 5
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Documents and Settings\ScottdalePolice\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.23 Mb Total Physical Memory | 353.70 Mb Available Physical Memory | 36.87% Memory free
2.26 Gb Paging File | 1.48 Gb Available in Paging File | 65.34% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 95.13 Gb Free Space | 63.83% Space Free | Partition Type: NTFS

Computer Name: WS2 | User Name: ScottdalePolice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\ScottdalePolice\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\msisear.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\system32\slserv.exe (Smart Link)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe ()
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\msisear.exe ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\LogMeIn\x86\ICSAgent32.dll ()
MOD - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe ()
MOD - C:\Program Files\Lexmark 5200 Series\ConvDIB.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBTPP5C.DLL ()
MOD - C:\WINDOWS\system32\LXPRMON.DLL ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()

========== Services (SafeList) ==========

SRV - (W32Serv) -- C:\WINDOWS\msisear.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (ppped) -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe ()
SRV - (lxbt_device) -- C:\WINDOWS\system32\lxbtcoms.exe (Lexmark International, Inc.)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (UdfReadr) -- C:\WINDOWS\System32\drivers\udfreadr.sys (Roxio)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (W8335XP) -- C:\WINDOWS\system32\drivers\Mrv8000c.sys (Marvell Semiconductor, Inc)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)
DRV - (RecAgent) -- C:\WINDOWS\system32\drivers\RecAgent.sys (Smart Link)
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{090199AC-50D9-4264-BE67-93B6A6869C17}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{0F39D79C-91FC-48EC-A79C-F8D45925B78E}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{4B5C400C-43C0-42BF-8E6E-BA48BD32E3C5}: "URL" = http://search.yahoo....Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{5F8D2B74-6ACE-40B5-936D-E7EDABF083A8}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{68F29EDB-4D1A-4C4C-B722-0C6439399C10}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{7AFAD45A-B5F4-44BB-AA18-55DFC87F2C01}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKLM\..\SearchScopes\{D281A3A0-B521-4853-A632-74DEBE2135AF}: "URL" = http://shopping.yaho...Terms}&fr=yie7c

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 72 F1 B0 02 A1 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Scottdale Police\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Scottdale Police\Application Data\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LXBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab46479.cab (StagingUI Object)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...x-w32-2.0.3.cab (AlternaTIFF ActiveX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://vra.co.westm...svrloader32.cab (Cisco SSL VPN Relay Loader)
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} http://zone.msn.com/...rp.cab51831.cab (Chess Object)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab32846.cab (ZoneBuddy Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {5334504D-9980-0010-8000-00AA00389B71} http://download.micr...44/mpg4sdmo.cab (Reg Error: Unable to open value key)
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://vra.co.westm...ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab32846.cab (ZonePAChat Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1153696192234 (MUWebControl Class)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {B37D8AB5-3A6C-4219-BC46-93B26EF0E53D} http://211.174.251.155/XViewer.cab (ActiveFormX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab41227.cab (StadiumProxy Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://pccd.webex.c...nbr/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Unable to open value key)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/z...s/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFEFA7FA-1CCB-4C85-82F0-C3B82EF47C4D}: NameServer = 192.168.1.1,24.154.1.37
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/21 02:53:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/05 03:30:46 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\ScottdalePolice\Desktop\aswMBR.exe
[2012/10/05 02:51:43 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ScottdalePolice\Desktop\OTL.exe
[2012/10/05 02:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ScottdalePolice\Desktop\tdsskiller
[2012/10/05 01:50:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ScottdalePolice\Desktop\GooredFix Backups
[2012/10/05 01:50:27 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\ScottdalePolice\Desktop\GooredFix.exe
[2012/10/05 01:42:22 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ScottdalePolice\Desktop\OTM.exe
[2012/10/04 22:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/10/04 22:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/04 22:38:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ScottdalePolice\Start Menu\Programs\Administrative Tools
[2012/10/04 04:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/10/04 04:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/10/04 03:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ScottdalePolice\Application Data\Malwarebytes
[2012/10/04 03:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/10/04 03:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/04 03:10:45 | 004,762,471 | R--- | C] (Swearware) -- C:\Documents and Settings\ScottdalePolice\Desktop\ComboFix.exe
[2012/10/03 23:33:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ScottdalePolice\Recent
[2012/10/03 21:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/10/03 21:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/09/17 19:25:14 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\ScottdalePolice\Desktop\TDSSKiller.exe
[2012/09/07 21:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\6F63A58B0819AF1700001EA47B07D287
[2005/03/17 22:33:14 | 000,129,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\MSCAL.OCX
[2003/10/20 11:23:28 | 000,303,104 | ---- | C] (Inner Media, Inc.) -- C:\Program Files\Common Files\dzactx.dll
[2003/10/20 11:23:28 | 000,262,144 | ---- | C] (Inner Media, Inc.) -- C:\Program Files\Common Files\duzactx.dll
[2003/04/23 12:24:00 | 000,253,952 | ---- | C] (Gamesman Inc.) -- C:\Program Files\Common Files\cttree.ocx
[2002/08/22 15:10:18 | 000,241,664 | ---- | C] (DBI Technologies Inc.) -- C:\Program Files\Common Files\ctList.ocx
[2001/08/28 01:55:20 | 000,069,632 | ---- | C] (Gamesman Inc.) -- C:\Program Files\Common Files\ctClock.ocx
[1998/12/08 22:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/08 22:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/08 22:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/08 22:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/08 22:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/08 22:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
[9 C:\Documents and Settings\ScottdalePolice\My Documents\*.tmp files -> C:\Documents and Settings\ScottdalePolice\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/05 03:35:30 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-725345543-1021UA.job
[2012/10/05 03:30:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\ScottdalePolice\Desktop\aswMBR.exe
[2012/10/05 03:24:29 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/05 03:24:26 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/05 03:24:26 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_ScottdalePolice.job
[2012/10/05 03:24:24 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2012/10/05 03:23:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/05 03:23:51 | 1005,899,776 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/05 03:16:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-725345543-1003UA.job
[2012/10/05 03:13:01 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/05 02:51:43 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ScottdalePolice\Desktop\OTL.exe
[2012/10/05 02:42:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/05 02:30:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/05 02:07:05 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/10/05 01:56:18 | 002,193,278 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Desktop\tdsskiller.zip
[2012/10/05 01:50:22 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\ScottdalePolice\Desktop\GooredFix.exe
[2012/10/05 01:48:48 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Desktop\MSN.com.url
[2012/10/05 01:42:03 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ScottdalePolice\Desktop\OTM.exe
[2012/10/05 00:49:45 | 004,762,471 | R--- | M] (Swearware) -- C:\Documents and Settings\ScottdalePolice\Desktop\ComboFix.exe
[2012/10/04 22:14:17 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_ScottdalePolice.job
[2012/10/04 21:56:02 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lexmark 5200 Series All-In-One Center.lnk
[2012/10/04 20:37:11 | 000,000,115 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/10/04 04:24:34 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/10/04 04:24:34 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Desktop\Spybot - Search & Destroy.lnk
[2012/10/04 03:51:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/03 21:59:42 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Desktop\Avira Free Antivirus Profile Local Drives.LNK
[2012/10/03 18:54:04 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Desktop\Microsoft Office Word 2003.lnk
[2012/10/03 17:16:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-725345543-1003Core.job
[2012/10/03 15:36:24 | 000,305,664 | ---- | M] () -- C:\WINDOWS\msisear.exe
[2012/10/03 15:35:01 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-725345543-1021Core.job
[2012/10/03 04:18:01 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_ScottdalePolice.job
[2012/10/01 15:36:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/29 15:08:38 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/09/28 05:31:30 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\d3d9caps.dat
[2012/09/25 18:38:45 | 000,002,336 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/24 23:39:47 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012/09/24 21:46:11 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Desktop\Internet.lnk
[2012/09/17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\ScottdalePolice\Desktop\TDSSKiller.exe
[2012/09/12 10:46:53 | 000,004,582 | ---- | M] () -- C:\CC_MAIN.DBF
[2012/09/07 22:13:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[9 C:\Documents and Settings\ScottdalePolice\My Documents\*.tmp files -> C:\Documents and Settings\ScottdalePolice\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/05 01:56:18 | 002,193,278 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\Desktop\tdsskiller.zip
[2012/10/05 01:37:19 | 1005,899,776 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/04 22:19:23 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2012/10/04 22:19:23 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2012/10/04 22:19:22 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/10/04 22:19:22 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2012/10/04 22:19:22 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
[2012/10/04 22:19:19 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2012/10/04 22:19:07 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/10/04 22:19:07 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/10/04 20:37:11 | 000,000,115 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/10/04 04:24:34 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/10/04 04:24:34 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\Desktop\Spybot - Search & Destroy.lnk
[2012/10/04 03:51:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/03 21:59:42 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\Desktop\Avira Free Antivirus Profile Local Drives.LNK
[2012/10/03 15:35:52 | 000,305,664 | ---- | C] () -- C:\WINDOWS\msisear.exe
[2012/10/03 15:29:56 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/24 21:46:11 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\Desktop\Internet.lnk
[2012/09/23 04:08:01 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_ScottdalePolice.job
[2012/09/23 04:08:00 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_ScottdalePolice.job
[2012/09/23 04:08:00 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_ScottdalePolice.job
[2012/09/07 21:55:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/05/09 11:22:25 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SN4Codec.DLL
[2012/05/09 02:16:01 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\.jupload.properties
[2012/03/14 21:46:36 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\vcmimm4.dll
[2012/03/14 21:46:36 | 001,572,864 | ---- | C] () -- C:\WINDOWS\System32\vcmimm5.dll
[2012/03/14 21:46:35 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2012/03/14 21:46:35 | 000,000,828 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012/03/13 23:29:18 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\default.pls
[2012/02/16 02:30:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/21 00:35:42 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\d3d9caps.dat
[2011/09/09 04:50:02 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/09/09 04:50:02 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/07/27 11:18:42 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/26 15:48:27 | 000,000,450 | RHS- | C] () -- C:\Documents and Settings\ScottdalePolice\ntuser.pol
[2010/11/18 02:27:00 | 000,051,248 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2007/02/12 12:31:36 | 000,016,826 | ---- | C] () -- C:\Program Files\Common Files\ctTree.GID
[2006/08/03 00:58:15 | 000,003,323 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== ZeroAccess Check ==========

[2012/10/03 15:31:41 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$5be4ff745ac6401facf6b73e84c195a5\@
[2012/10/03 15:31:41 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$5be4ff745ac6401facf6b73e84c195a5\L
[2012/10/05 00:35:45 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$5be4ff745ac6401facf6b73e84c195a5\U
[2006/07/23 19:14:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/08 13:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\6F63A58B0819AF1700001EA47B07D287
[2012/07/09 11:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2009/06/10 14:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Ally
[2009/07/29 06:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/07/30 21:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/06/15 01:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2008/04/14 01:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/10/01 08:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/09/12 21:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/01/22 04:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/18 01:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/31 03:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ScottdalePolice\Application Data\FreeFileViewer
[2012/01/25 18:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ScottdalePolice\Application Data\Leadertech
[2012/05/09 01:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ScottdalePolice\Application Data\Oracle
[2011/07/27 10:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ScottdalePolice\Application Data\ScanSoft
[2012/03/20 22:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ScottdalePolice\Application Data\Windows Desktop Search
[2012/03/23 10:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ScottdalePolice\Application Data\Windows Search

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

#2
Amlak

Posted 05 October 2012 - 07:12 AM

Member 1K

Member
1,470 posts

Hey, mppd20. Let's help you out with your malware issue(s).

While I await expert approval of my next fix, please try the following:

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

#3
Amlak

Posted 05 October 2012 - 08:03 AM

Member 1K

Member
1,470 posts

Warning This fix is only relevant for this system and no other, using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot. Also, disable MalwareBytes' AntiMalware for the duration of this fix (if it's running in the background).

Run OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following
Posted Image

:OTL
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
[2012/10/03 15:31:41 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$5be4ff745ac6401facf6b73e84c195a5\@
[2012/10/03 15:31:41 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$5be4ff745ac6401facf6b73e84c195a5\L
[2012/10/05 00:35:45 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$5be4ff745ac6401facf6b73e84c195a5\U

:Commands
[EMPTYTEMP]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done.
Post the log it produces in your next reply.

*********
NEXT
*********

Download RogueKiller and save it on your desktop.

NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
Quit all programs
Start RogueKiller.exe.
Wait until Prescan has finished ...
Click on Scan

Wait for the end of the scan.
The report has been created on the desktop.
Click on the Delete button.

The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

#4
Amlak

Posted 05 October 2012 - 08:46 AM

Member 1K

Member
1,470 posts

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please paste the log in your next reply.

#5
mppd20

Posted 05 October 2012 - 07:40 PM

Member

Topic Starter
Member
35 posts

aswMBR.exe would download, but would not open or run, I ran OTL, but did not save it and lost it, here are the results of RougeKiller and Farbar scan

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : ScottdalePolice [Admin rights]
Mode : Remove -- Date : 10/05/2012 21:35:45

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] msisear.exe -- C:\WINDOWS\msisear.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤
[TASK][SUSP PATH] FreeFileViewerUpdateChecker.job : C:\Documents and Settings\ScottdalePolice\Application Data\FreeFileViewer\FFVCheckForUpdates.exe -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{DFEFA7FA-1CCB-4C85-82F0-C3B82EF47C4D} : NameServer (192.168.1.1,24.154.1.37) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{DFEFA7FA-1CCB-4C85-82F0-C3B82EF47C4D} : NameServer (192.168.1.1,24.154.1.37) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805B1D78 -> HOOKED (Unknown @ 0xF7CD6A8C)
SSDT[41] : NtCreateKey @ 0x8061ABE2 -> HOOKED (Unknown @ 0xF7CD6A46)
SSDT[50] : NtCreateSection @ 0x805A0800 -> HOOKED (Unknown @ 0xF7CD6A96)
SSDT[53] : NtCreateThread @ 0x805C735E -> HOOKED (Unknown @ 0xF7CD6A3C)
SSDT[63] : NtDeleteKey @ 0x8061B07E -> HOOKED (Unknown @ 0xF7CD6A4B)
SSDT[65] : NtDeleteValueKey @ 0x8061B24E -> HOOKED (Unknown @ 0xF7CD6A55)
SSDT[68] : NtDuplicateObject @ 0x805B398C -> HOOKED (Unknown @ 0xF7CD6A87)
SSDT[98] : NtLoadKey @ 0x8061CE06 -> HOOKED (Unknown @ 0xF7CD6A5A)
SSDT[122] : NtOpenProcess @ 0x805C13E2 -> HOOKED (Unknown @ 0xF7CD6A28)
SSDT[128] : NtOpenThread @ 0x805C166E -> HOOKED (Unknown @ 0xF7CD6A2D)
SSDT[177] : NtQueryValueKey @ 0x80618E06 -> HOOKED (Unknown @ 0xF7CD6AAF)
SSDT[193] : NtReplaceKey @ 0x8061CCB6 -> HOOKED (Unknown @ 0xF7CD6A64)
SSDT[200] : NtRequestWaitReplyPort @ 0x805981A4 -> HOOKED (Unknown @ 0xF7CD6AA0)
SSDT[204] : NtRestoreKey @ 0x8061C5C2 -> HOOKED (Unknown @ 0xF7CD6A5F)
SSDT[213] : NtSetContextThread @ 0x805C8FB6 -> HOOKED (Unknown @ 0xF7CD6A9B)
SSDT[237] : NtSetSecurityObject @ 0x805B60FE -> HOOKED (Unknown @ 0xF7CD6AA5)
SSDT[247] : NtSetValueKey @ 0x80619154 -> HOOKED (Unknown @ 0xF7CD6A50)
SSDT[255] : NtSystemDebugControl @ 0x8060EB2C -> HOOKED (Unknown @ 0xF7CD6AAA)
SSDT[257] : NtTerminateProcess @ 0x805C866A -> HOOKED (Unknown @ 0xF7CD6A37)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xF7CD6ABE)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xF7CD6AC3)

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160812AS +++++
--- User ---
[MBR] 47003ffffe5a47b14003ce7e00e0077c
[BSP] 79fd8cd79a6c0699b9277f6001346b3b : Windows XP MBR Code [possible maxSST in 1!]
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312560640 | Size: 10 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Farbar Service Scanner Version: 19-09-2012
Ran by ScottdalePolice (administrator) on 05-10-2012 at 21:37:55
Running from "C:\Documents and Settings\ScottdalePolice\Local Settings\Temporary Internet Files\Content.IE5\N42EWYE3"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

#6
Amlak

Posted 05 October 2012 - 09:55 PM

Member 1K

Member
1,470 posts

Download ListParts to a USB flash drive.
Also, please download aswMBR to the same flash drive.
Download OTLPEStd.exe to your desktop.
Once downloaded, insert a blank CD in your burner and click on OTLPEStd.exe. The executable includes the OTLPE_New_Std.iso and a copy of imgburn, a program to burn .iso files. When executed, the application will extract both and start the burning process automatically.
Once the CD is burned, boot the infected computer using the boot CD you just created. For more information, click here
- Don't forget to connect the flash drive to the computer before you boot from the CD.
Your system should now display a REATOGO-X-PE desktop.
Double-click the My Computer icon and locate your flash drive to access it.
Run aswMBR.exe
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your flash drive and post it in your next reply.
There will also be another new file on your flash drive named mbr.dat
Please zip mbr.dat to mbr.zip and attach it to your next post also.
Now run ListParts and click the Scan button.
When finished scanning it will make a log Result.txt on the flash drive. Post that one also in your next reply

#7
mppd20

Posted 05 October 2012 - 10:57 PM

Member

Topic Starter
Member
35 posts

i have attached all three files you have requested.

Attached Files

Result.txt 2.19KB 80 downloads
Copy of aswMBR.txt 1.7KB 80 downloads
Copy of MBR.dat 512bytes 141 downloads

#8
Amlak

Posted 06 October 2012 - 04:50 AM

Member 1K

Member
1,470 posts

Hi, mppd20. I've attached a file for you to save to your flash drive in the same directory as ListParts, so please do so.

Boot back into the computer via the CD to get back into the Reatogo desktop.

Go to your flash drive and run ListParts again.

This time, click the Fix button.

Once the fix is done, go back into normal Windows. And do the following:

Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

Also, do a quick scan with OTL and post the resultant log.

Attached Files

fix.txt 52bytes 87 downloads

#9
mppd20

Posted 06 October 2012 - 07:10 PM

Member

Topic Starter
Member
35 posts

OTL logfile created on: 10/6/2012 10:01:24 PM - Run 6
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Documents and Settings\ScottdalePolice\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.23 Mb Total Physical Memory | 443.05 Mb Available Physical Memory | 46.19% Memory free
2.26 Gb Paging File | 1.77 Gb Available in Paging File | 78.53% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 94.67 Gb Free Space | 63.52% Space Free | Partition Type: NTFS
Drive E: | 3.74 Gb Total Space | 3.73 Gb Free Space | 99.87% Space Free | Partition Type: FAT32

Computer Name: WS2 | User Name: ScottdalePolice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\ScottdalePolice\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\msisear.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\system32\slserv.exe (Smart Link)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe ()
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\msisear.exe ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\LogMeIn\x86\ICSAgent32.dll ()
MOD - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe ()
MOD - C:\Program Files\Lexmark 5200 Series\ConvDIB.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBTPP5C.DLL ()
MOD - C:\WINDOWS\system32\LXPRMON.DLL ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()

========== Services (SafeList) ==========

SRV - (W32Serv) -- C:\WINDOWS\msisear.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (ppped) -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe ()
SRV - (lxbt_device) -- C:\WINDOWS\system32\lxbtcoms.exe (Lexmark International, Inc.)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (aswMBR) -- C:\DOCUME~1\SCOTTD~2\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (UdfReadr) -- C:\WINDOWS\System32\drivers\udfreadr.sys (Roxio)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (W8335XP) -- C:\WINDOWS\system32\drivers\Mrv8000c.sys (Marvell Semiconductor, Inc)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)
DRV - (RecAgent) -- C:\WINDOWS\system32\drivers\RecAgent.sys (Smart Link)
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{090199AC-50D9-4264-BE67-93B6A6869C17}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{0F39D79C-91FC-48EC-A79C-F8D45925B78E}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{4B5C400C-43C0-42BF-8E6E-BA48BD32E3C5}: "URL" = http://search.yahoo....Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{5F8D2B74-6ACE-40B5-936D-E7EDABF083A8}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{68F29EDB-4D1A-4C4C-B722-0C6439399C10}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{7AFAD45A-B5F4-44BB-AA18-55DFC87F2C01}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKLM\..\SearchScopes\{D281A3A0-B521-4853-A632-74DEBE2135AF}: "URL" = http://shopping.yaho...Terms}&fr=yie7c

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 72 F1 B0 02 A1 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Scottdale Police\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Scottdale Police\Application Data\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LXBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab46479.cab (StagingUI Object)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...x-w32-2.0.3.cab (AlternaTIFF ActiveX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://vra.co.westm...svrloader32.cab (Cisco SSL VPN Relay Loader)
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} http://zone.msn.com/...rp.cab51831.cab (Chess Object)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab32846.cab (ZoneBuddy Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {5334504D-9980-0010-8000-00AA00389B71} http://download.micr...44/mpg4sdmo.cab (Reg Error: Unable to open value key)
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://vra.co.westm...ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab32846.cab (ZonePAChat Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1153696192234 (MUWebControl Class)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {B37D8AB5-3A6C-4219-BC46-93B26EF0E53D} http://211.174.251.155/XViewer.cab (ActiveFormX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab41227.cab (StadiumProxy Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://pccd.webex.c...nbr/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Unable to open value key)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/z...s/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFEFA7FA-1CCB-4C85-82F0-C3B82EF47C4D}: NameServer = 192.168.1.1,24.154.1.37
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/21 02:53:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk E:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/06 00:44:13 | 098,077,435 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\ScottdalePolice\Desktop\OTLPEStd.exe
[2012/10/05 21:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ScottdalePolice\Desktop\RK_Quarantine
[2012/10/05 03:30:46 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\ScottdalePolice\Desktop\aswMBR.exe
[2012/10/05 02:51:43 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ScottdalePolice\Desktop\OTL.exe
[2012/10/05 02:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ScottdalePolice\Desktop\tdsskiller
[2012/10/05 01:50:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ScottdalePolice\Desktop\GooredFix Backups
[2012/10/05 01:50:27 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\ScottdalePolice\Desktop\GooredFix.exe
[2012/10/05 01:42:22 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ScottdalePolice\Desktop\OTM.exe
[2012/10/04 22:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/10/04 22:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/04 22:38:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ScottdalePolice\Start Menu\Programs\Administrative Tools
[2012/10/04 04:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/10/04 04:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/10/04 03:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ScottdalePolice\Application Data\Malwarebytes
[2012/10/04 03:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/10/04 03:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/04 03:10:45 | 004,762,471 | R--- | C] (Swearware) -- C:\Documents and Settings\ScottdalePolice\Desktop\ComboFix.exe
[2012/10/03 23:33:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ScottdalePolice\Recent
[2012/10/03 21:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/10/03 21:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/09/17 19:25:14 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\ScottdalePolice\Desktop\TDSSKiller.exe
[2012/09/07 21:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\6F63A58B0819AF1700001EA47B07D287
[2005/03/17 22:33:14 | 000,129,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\MSCAL.OCX
[2003/10/20 11:23:28 | 000,303,104 | ---- | C] (Inner Media, Inc.) -- C:\Program Files\Common Files\dzactx.dll
[2003/10/20 11:23:28 | 000,262,144 | ---- | C] (Inner Media, Inc.) -- C:\Program Files\Common Files\duzactx.dll
[2003/04/23 12:24:00 | 000,253,952 | ---- | C] (Gamesman Inc.) -- C:\Program Files\Common Files\cttree.ocx
[2002/08/22 15:10:18 | 000,241,664 | ---- | C] (DBI Technologies Inc.) -- C:\Program Files\Common Files\ctList.ocx
[2001/08/28 01:55:20 | 000,069,632 | ---- | C] (Gamesman Inc.) -- C:\Program Files\Common Files\ctClock.ocx
[1998/12/08 22:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/08 22:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/08 22:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/08 22:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/08 22:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/08 22:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
[9 C:\Documents and Settings\ScottdalePolice\My Documents\*.tmp files -> C:\Documents and Settings\ScottdalePolice\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/06 22:01:06 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Desktop\MBR.dat
[2012/10/06 21:59:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/06 21:59:10 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/06 21:58:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/06 21:58:40 | 1005,899,776 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/06 20:42:17 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/06 05:16:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-725345543-1003UA.job
[2012/10/06 05:13:01 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/06 04:35:01 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-725345543-1021UA.job
[2012/10/06 02:07:24 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/10/06 00:44:13 | 098,077,435 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\ScottdalePolice\Desktop\OTLPEStd.exe
[2012/10/05 21:33:54 | 001,422,336 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Desktop\RogueKiller.exe
[2012/10/05 21:24:43 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\ScottdalePolice\Desktop\aswMBR.exe
[2012/10/05 17:16:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-725345543-1003Core.job
[2012/10/05 15:35:01 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-725345543-1021Core.job
[2012/10/05 02:51:43 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ScottdalePolice\Desktop\OTL.exe
[2012/10/05 02:30:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/05 01:56:18 | 002,193,278 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Desktop\tdsskiller.zip
[2012/10/05 01:50:22 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\ScottdalePolice\Desktop\GooredFix.exe
[2012/10/05 01:48:48 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Desktop\MSN.com.url
[2012/10/05 01:42:03 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ScottdalePolice\Desktop\OTM.exe
[2012/10/05 00:49:45 | 004,762,471 | R--- | M] (Swearware) -- C:\Documents and Settings\ScottdalePolice\Desktop\ComboFix.exe
[2012/10/04 21:56:02 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lexmark 5200 Series All-In-One Center.lnk
[2012/10/04 20:37:11 | 000,000,115 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/10/04 04:24:34 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/10/04 04:24:34 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Desktop\Spybot - Search & Destroy.lnk
[2012/10/04 03:51:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/03 21:59:42 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Desktop\Avira Free Antivirus Profile Local Drives.LNK
[2012/10/03 18:54:04 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Desktop\Microsoft Office Word 2003.lnk
[2012/10/03 15:36:24 | 000,305,664 | ---- | M] () -- C:\WINDOWS\msisear.exe
[2012/10/01 15:36:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/29 15:08:38 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/09/28 05:31:30 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\d3d9caps.dat
[2012/09/25 18:38:45 | 000,002,336 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/24 23:39:47 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012/09/24 21:46:11 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Desktop\Internet.lnk
[2012/09/17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\ScottdalePolice\Desktop\TDSSKiller.exe
[2012/09/12 10:46:53 | 000,004,582 | ---- | M] () -- C:\CC_MAIN.DBF
[2012/09/07 22:13:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[9 C:\Documents and Settings\ScottdalePolice\My Documents\*.tmp files -> C:\Documents and Settings\ScottdalePolice\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/06 22:01:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\Desktop\MBR.dat
[2012/10/05 21:33:48 | 001,422,336 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\Desktop\RogueKiller.exe
[2012/10/05 01:56:18 | 002,193,278 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\Desktop\tdsskiller.zip
[2012/10/05 01:37:19 | 1005,899,776 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/04 22:19:23 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2012/10/04 22:19:23 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2012/10/04 22:19:22 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/10/04 22:19:22 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2012/10/04 22:19:22 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
[2012/10/04 22:19:19 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2012/10/04 22:19:07 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/10/04 22:19:07 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/10/04 20:37:11 | 000,000,115 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/10/04 04:24:34 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/10/04 04:24:34 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\Desktop\Spybot - Search & Destroy.lnk
[2012/10/04 03:51:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/03 21:59:42 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\Desktop\Avira Free Antivirus Profile Local Drives.LNK
[2012/10/03 15:35:52 | 000,305,664 | ---- | C] () -- C:\WINDOWS\msisear.exe
[2012/10/03 15:29:56 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/24 21:46:11 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\Desktop\Internet.lnk
[2012/09/07 21:55:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/05/09 11:22:25 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SN4Codec.DLL
[2012/05/09 02:16:01 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\.jupload.properties
[2012/03/14 21:46:36 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\vcmimm4.dll
[2012/03/14 21:46:36 | 001,572,864 | ---- | C] () -- C:\WINDOWS\System32\vcmimm5.dll
[2012/03/14 21:46:35 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2012/03/14 21:46:35 | 000,000,828 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012/03/13 23:29:18 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\default.pls
[2012/02/16 02:30:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/21 00:35:42 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\d3d9caps.dat
[2011/09/09 04:50:02 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/09/09 04:50:02 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/07/27 11:18:42 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/26 15:48:27 | 000,000,450 | RHS- | C] () -- C:\Documents and Settings\ScottdalePolice\ntuser.pol
[2010/11/18 02:27:00 | 000,051,248 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2007/02/12 12:31:36 | 000,016,826 | ---- | C] () -- C:\Program Files\Common Files\ctTree.GID
[2006/08/03 00:58:15 | 000,003,323 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== ZeroAccess Check ==========

[2006/07/23 19:14:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/08 13:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\6F63A58B0819AF1700001EA47B07D287
[2012/07/09 11:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2009/06/10 14:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Ally
[2009/07/29 06:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/07/30 21:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/06/15 01:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2008/04/14 01:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/10/01 08:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/09/12 21:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/01/22 04:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/18 01:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/31 03:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ScottdalePolice\Application Data\FreeFileViewer
[2012/01/25 18:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ScottdalePolice\Application Data\Leadertech
[2012/05/09 01:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ScottdalePolice\Application Data\Oracle
[2011/07/27 10:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ScottdalePolice\Application Data\ScanSoft
[2012/03/20 22:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ScottdalePolice\Application Data\Windows Desktop Search
[2012/03/23 10:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ScottdalePolice\Application Data\Windows Search

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Attached Files

aswMBR.txt 1.64KB 96 downloads

#10
Amlak

Posted 07 October 2012 - 05:05 AM

Member 1K

Member
1,470 posts

Let's get that firewall working now. Right-click here and save to your desktop. Then double-click the file you just downloaded and click Yes to confirm. Restart computer just to be sure. And then check if your firewall is enabled (or can be enabled).

*********
NEXT
*********

Open Malwarebytes' Anti-Malware.
Select the Update tab.
Click Check for Updates.
After the update has been completed, select the Scanner tab.
Select Perform quick scan, then click on the Scan button.
When done, you will be prompted. Click OK, then click on Show Results.
Make sure all items are checked and click on Remove Selected.
If asked to restart the computer, please do so immediately.
Post the contents of the resultant log in your next reply. You can access the log in the Logs tab.

*********
NEXT
*********

Go to here
Click the download button under Kaspersky Security Scan
Download and run the file
It will start to download the Kaspersky Security Scan program data
Once downloaded the installer will begin
Click Next
Accept the License Agreement
Click Install
The program will now install
Click Finish
Kaspersky Security Scan will now start
Click the Full Scan button
The scan will take about an hour or two depending on the amount of data on your hard drive
If the scan detects problems it will open a Problems found window
Click Details to generate a scan results report
Once the scan is complete do the following:
[list]
For XP: Navigate to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KSS2\DataRoot
Right-click on the HtmlReport folder --> Click Send to --> Click Compressed (zipped) folder
Attach the HtmlReport zipped folder to your next post
You can now close Kaspersky Security Scan

#11
mppd20

Posted 08 October 2012 - 05:10 AM

Member

Topic Starter
Member
35 posts

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.08.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ScottdalePolice :: WS2 [administrator]

Protection: Disabled

10/8/2012 7:59:09 AM
mbam-log-2012-10-08 (07-59-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 502259
Time elapsed: 10 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12
Amlak

Posted 08 October 2012 - 08:20 AM

Member 1K

Member
1,470 posts

Please let me know if the firewall is now enabled. Also, don't forget the Kaspersky Scan please.

#13
mppd20

Posted 08 October 2012 - 09:44 AM

Member

Topic Starter
Member
35 posts

here are the results

Attached Files

HtmlReport.zip 317.85KB 77 downloads

#14
Amlak

Posted 09 October 2012 - 07:38 AM

Member 1K

Member
1,470 posts

Hi, mppd20. If MalwareBytes' AntiMalware is running in the background, please disable it for the duration of this post's fix.

Warning This fix is only relevant for this system and no other, using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following
Posted Image

:OTL
MOD - C:\WINDOWS\msisear.exe ()
SRV - (W32Serv) -- C:\WINDOWS\msisear.exe ()
[2012/09/07 22:13:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ScottdalePolice\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ

:FILES
C:\Documents and Settings\metro\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\44\7a8c7aac-35a351b6 

:COMMANDS
[EMPTYTEMP]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done.
Post the log it produces in your next reply.

*********
NEXT
*********

Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Also, please let me know how your computer is behaving.