Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Zero Access with no redirects


  • Please log in to reply

#1
M2mouse

M2mouse

    Member

  • Member
  • PipPipPip
  • 144 posts
I did a scan with AVG and it came up with some sort of Root kit(five of them). All scans MWB and Spy Bot come up with nothing(also TDSSkiller). RougeKiller did find Zero Access, but I'm not sure what to do with it.
I have many reports so please just ask which one you want to see and I'll post it up.
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp 
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0

#3
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
Very quick reply! Thanks! I'm working on it now.
  • 0

#4
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
OTL logfile created on: 2/18/2013 PM 03:48:35 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Media\My Documets
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.98 Gb Available Physical Memory | 74.40% Memory free
5.74 Gb Paging File | 4.98 Gb Available in Paging File | 86.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 428.15 Gb Free Space | 91.93% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 418.01 Gb Free Space | 89.75% Space Free | Partition Type: NTFS
Drive F: | 5.88 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MITCH | User Name: Mitch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/18 12:55:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Media\My Documets\OTL.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2007/02/18 06:00:00 | 001,681,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2009/08/17 12:01:44 | 000,099,176 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/18 00:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010/07/01 03:45:02 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/02/03 21:05:00 | 000,663,552 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SysWOW64\ati2saag.exe -- (ATI Smart)
SRV - [2008/07/25 10:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/18 06:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/08/07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009/08/14 07:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 07:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/02/18 06:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2007/02/18 06:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)
DRV - [2007/02/07 12:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3383764226-1312016127-1492471184-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3383764226-1312016127-1492471184-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3383764226-1312016127-1492471184-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 B3 53 D2 E7 0A CE 01 [binary data]
IE - HKU\S-1-5-21-3383764226-1312016127-1492471184-1009\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3383764226-1312016127-1492471184-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3383764226-1312016127-1492471184-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



Hosts file not found
O3:64bit: - HKU\S-1-5-21-3383764226-1312016127-1492471184-1009\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3383764226-1312016127-1492471184-1009..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3383764226-1312016127-1492471184-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - %SystemRoot%\system32\mswsock.dll File not found
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://support.att.n...oad/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1227376629640 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1353086883703 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1189CE54-EA73-4ED2-A5AB-6B5A06331B6E}: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CF4A47C-0547-478B-8AD5-E1BE5A38C5BC}: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D97A4C06-2153-42D8-84C7-333CA178C503}: DhcpNameServer = 68.94.156.1 68.94.157.1
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (UserInit.exe) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\cscdll: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\Schedule: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\termsrv: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found.
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - No CLSID value found.
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - No CLSID value found.
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - No CLSID value found.
O24 - Desktop WallPaper: E:\Media\My Documets\vulcansr21024.bmp
O24 - Desktop BackupWallPaper: E:\Media\My Documets\vulcansr21024.bmp
O28:64bit: - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/20 20:24:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)



SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: sermouse.sys - Driver
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: wd.sys - Driver
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: wd.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: sermouse.sys - Driver
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: UploadMgr - Service
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Reg Error: Value error.
ActiveX:64bit: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX:64bit: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX:64bit: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} - Help and Support Center
ActiveX:64bit: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX:64bit: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX:64bit: {B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0} - .NET Framework
ActiveX:64bit: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\SysWOW64\Rundll32.exe c:\WINDOWS\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32:64bit: aux - File not found
Drivers32:64bit: aux1 - File not found
Drivers32:64bit: aux2 - File not found
Drivers32:64bit: aux3 - File not found
Drivers32:64bit: midi - File not found
Drivers32:64bit: midi1 - File not found
Drivers32:64bit: midi2 - File not found
Drivers32:64bit: midi3 - File not found
Drivers32:64bit: midimapper - File not found
Drivers32:64bit: mixer - File not found
Drivers32:64bit: mixer1 - File not found
Drivers32:64bit: mixer2 - File not found
Drivers32:64bit: mixer3 - File not found
Drivers32:64bit: msacm.imaadpcm - File not found
Drivers32:64bit: msacm.msadpcm - File not found
Drivers32:64bit: msacm.msg711 - File not found
Drivers32:64bit: msacm.msgsm610 - File not found
Drivers32:64bit: msacm.trspch - File not found
Drivers32:64bit: vidc.i420 - File not found
Drivers32:64bit: vidc.iv31 - File not found
Drivers32:64bit: vidc.iv32 - File not found
Drivers32:64bit: vidc.iv41 - File not found
Drivers32:64bit: vidc.iv50 - File not found
Drivers32:64bit: vidc.iyuv - File not found
Drivers32:64bit: vidc.mrle - File not found
Drivers32:64bit: vidc.msvc - File not found
Drivers32:64bit: vidc.uyvy - File not found
Drivers32:64bit: vidc.yuy2 - File not found
Drivers32:64bit: vidc.yvu9 - File not found
Drivers32:64bit: vidc.yvyu - File not found
Drivers32:64bit: wave - File not found
Drivers32:64bit: wave1 - File not found
Drivers32:64bit: wave2 - File not found
Drivers32:64bit: wave3 - File not found
Drivers32:64bit: wavemapper - File not found
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\SysWow64\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\SysWow64\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\SysWow64\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\SysWOW64\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/18 12:55:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Media\My Documets\OTL.exe
[2013/02/18 12:16:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mitch\Desktop\RK_Quarantine
[2013/02/18 11:09:01 | 000,000,000 | ---D | C] -- E:\Media\My Documets\avg_arl_ffi_all_120_120823a5411
[2013/02/17 13:21:13 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/02/17 13:17:34 | 000,000,000 | ---D | C] -- E:\Media\My Documets\tdsskiller
[2013/02/12 09:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/01/22 09:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[9 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/18 12:55:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Media\My Documets\OTL.exe
[2013/02/18 12:15:20 | 000,774,144 | ---- | M] () -- E:\Media\My Documets\RogueKillerX64.exe
[2013/02/18 12:01:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/18 11:08:14 | 102,010,580 | ---- | M] () -- E:\Media\My Documets\avg_arl_ffi_all_120_120823a5411.zip
[2013/02/17 13:14:54 | 002,218,636 | ---- | M] () -- E:\Media\My Documets\tdsskiller.zip
[2013/02/13 19:27:04 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013/02/13 19:27:03 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/13 19:17:12 | 000,571,736 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/02/13 19:11:27 | 000,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/12 09:36:27 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/02/08 11:44:12 | 000,001,478 | ---- | M] () -- E:\Media\My Documets\resume.rtf
[9 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/18 12:15:20 | 000,774,144 | ---- | C] () -- E:\Media\My Documets\RogueKillerX64.exe
[2013/02/18 11:08:14 | 102,010,580 | ---- | C] () -- E:\Media\My Documets\avg_arl_ffi_all_120_120823a5411.zip
[2013/02/17 13:10:53 | 002,218,636 | ---- | C] () -- E:\Media\My Documets\tdsskiller.zip
[2013/02/08 11:44:12 | 000,001,478 | ---- | C] () -- E:\Media\My Documets\resume.rtf
[2012/11/16 11:16:35 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.ldb
[2012/08/11 10:25:32 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Mitch\Local Settings\Application Data\dt.dat
[2011/11/29 10:24:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\WINDOWS\SysWow64\OVDecode.dll
[2010/09/20 21:25:32 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Mitch\Application Data\SamsungLiveUpdateConfig.ini
[2010/09/20 20:07:18 | 011,878,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda

========== ZeroAccess Check ==========

[2008/11/23 22:11:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = %SystemRoot%\system32\shdocvw.dll
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2007/02/18 06:00:00 | 001,508,352 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\fastprox.dll
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2009/03/19 18:51:22 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\wbemess.dll
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD5000AVDS-63U7B1
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HDP725050GLA360
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/02/02 14:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\Adobe
[2010/09/20 21:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\ATI
[2011/11/15 12:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\AVG
[2012/11/16 10:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\AVG2013
[2012/11/14 13:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\ElevatedDiagnostics
[2012/11/12 18:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\Help
[2012/11/14 12:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\Identities
[2011/11/26 21:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\InterVideo
[2011/10/23 15:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\Macromedia
[2011/11/16 11:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\Malwarebytes
[2012/02/02 14:27:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Mitch\Application Data\Microsoft
[2011/10/23 16:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\MSNInstaller
[2011/10/28 21:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\Nikon
[2011/11/10 10:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\OpenOffice.org
[2011/11/15 15:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\Sammsoft
[2011/11/30 11:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\SoundSpectrum
[2011/10/23 13:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\Sun
[2012/11/16 10:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\TuneUp Software
[2010/09/20 21:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\Windows Desktop Search
[2011/11/11 15:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mitch\Application Data\Windows Search

< MD5 for: ATAPI.SYS >
[2007/02/18 06:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:atapi.sys

< MD5 for: EXPLORER.EXE >
[2007/02/18 06:00:00 | 001,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\WINDOWS\SysWOW64\explorer.exe
[2007/02/18 06:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) MD5=AE7A08C05F72A9242734C03230A5CD7F -- C:\WINDOWS\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/06/21 02:29:34 | 000,493,056 | ---- | M] (Microsoft Corporation) MD5=7522FBD86A6494EFAB98AF49B12F525C -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2011/03/03 11:50:58 | 000,233,472 | ---- | M] (Microsoft Corporation) MD5=8CFB662B5EECFABBFBC7F554B55CE82C -- C:\WINDOWS\SysWOW64\mswsock.dll
[2011/03/03 11:47:30 | 000,493,056 | ---- | M] (Microsoft Corporation) MD5=E3978EF56F355B258DE579477D253C88 -- C:\WINDOWS\$hf_mig$\KB2509553\SP2QFE\mswsock.dll

< MD5 for: SERVICES.EXE >
[2009/03/19 18:42:16 | 000,227,840 | ---- | M] (Microsoft Corporation) MD5=5BC6B0FFA0EB95A02F63D5BCAD39127B -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2007/02/18 06:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=C09CCFE81DEC9B162533D7184D705682 -- C:\WINDOWS\SysWOW64\svchost.exe

< MD5 for: USER32.DLL >
[2007/03/02 00:56:18 | 001,086,464 | ---- | M] (Microsoft Corporation) MD5=35BC0334F3D679209C34CB6E4293C29C -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2007/03/02 01:54:34 | 000,602,624 | ---- | M] (Microsoft Corporation) MD5=8BE4E29DA25073BF7894E2A61C9525DE -- C:\WINDOWS\SysWOW64\user32.dll

< MD5 for: USERINIT.EXE >
[2007/02/18 06:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\SysWOW64\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINRNR.DLL >
[2007/02/18 06:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=372097347142B42A6DD0DB68E20C37B2 -- C:\WINDOWS\SysWOW64\winrnr.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/01/12 09:15:58 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/01/12 09:15:58 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/01/12 09:15:58 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\DOCUMENTS AND SETTINGS\MITCH\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\APPLICATION\CHROME.EXE"
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2009/11/21 23:32:34 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\mswrd6.wpc
[2010/12/31 18:30:26 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\mswrd8.wpc
[2010/07/26 14:50:52 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
[2009/11/21 23:32:34 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\write.wpc
[2007/02/18 06:00:00 | 000,003,947 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\FONT.DAT
[2007/02/18 06:00:00 | 000,928,700 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\PINBALL.DAT
[2007/02/18 06:00:00 | 000,274,944 | ---- | M] (Cinematronics) -- C:\Program Files (x86)\WINDOWS NT\Pinball\PINBALL.EXE
[2007/02/18 06:00:00 | 000,108,607 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\PINBALL.MID
[2007/02/18 06:00:00 | 000,028,888 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\PINBALL2.MID
[2007/02/18 06:00:00 | 000,055,490 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND1.WAV
[2007/02/18 06:00:00 | 000,001,226 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND104.WAV
[2007/02/18 06:00:00 | 000,001,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND105.WAV
[2007/02/18 06:00:00 | 000,007,754 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND108.WAV
[2007/02/18 06:00:00 | 000,000,890 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND111.WAV
[2007/02/18 06:00:00 | 000,000,824 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND112.WAV
[2007/02/18 06:00:00 | 000,004,296 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND12.WAV
[2007/02/18 06:00:00 | 000,008,034 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND13.WAV
[2007/02/18 06:00:00 | 000,001,290 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND131.WAV
[2007/02/18 06:00:00 | 000,019,282 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND136.WAV
[2007/02/18 06:00:00 | 000,003,002 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND14.WAV
[2007/02/18 06:00:00 | 000,001,046 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND16.WAV
[2007/02/18 06:00:00 | 000,002,090 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND17.WAV
[2007/02/18 06:00:00 | 000,003,986 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND18.WAV
[2007/02/18 06:00:00 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND181.WAV
[2007/02/18 06:00:00 | 000,005,230 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND19.WAV
[2007/02/18 06:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND20.WAV
[2007/02/18 06:00:00 | 000,009,194 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND21.WAV
[2007/02/18 06:00:00 | 000,007,376 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND22.WAV
[2007/02/18 06:00:00 | 000,012,106 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND24.WAV
[2007/02/18 06:00:00 | 000,014,600 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND240.WAV
[2007/02/18 06:00:00 | 000,020,712 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND243.WAV
[2007/02/18 06:00:00 | 000,025,704 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND25.WAV
[2007/02/18 06:00:00 | 000,007,306 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND26.WAV
[2007/02/18 06:00:00 | 000,020,242 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND27.WAV
[2007/02/18 06:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND28.WAV
[2007/02/18 06:00:00 | 000,010,364 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND29.WAV
[2007/02/18 06:00:00 | 000,022,858 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND3.WAV
[2007/02/18 06:00:00 | 000,022,570 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND30.WAV
[2007/02/18 06:00:00 | 000,001,520 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND34.WAV
[2007/02/18 06:00:00 | 000,019,498 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND35.WAV
[2007/02/18 06:00:00 | 000,033,848 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND36.WAV
[2007/02/18 06:00:00 | 000,013,024 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND38.WAV
[2007/02/18 06:00:00 | 000,028,282 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND39.WAV
[2007/02/18 06:00:00 | 000,016,626 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND4.WAV
[2007/02/18 06:00:00 | 000,029,140 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND42.WAV
[2007/02/18 06:00:00 | 000,022,796 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND43.WAV
[2007/02/18 06:00:00 | 000,009,770 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND45.WAV
[2007/02/18 06:00:00 | 000,001,876 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND49.WAV
[2007/02/18 06:00:00 | 000,003,330 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND49D.WAV
[2007/02/18 06:00:00 | 000,003,180 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND5.WAV
[2007/02/18 06:00:00 | 000,012,074 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND50.WAV
[2007/02/18 06:00:00 | 000,008,932 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND528.WAV
[2007/02/18 06:00:00 | 000,009,022 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND53.WAV
[2007/02/18 06:00:00 | 000,018,250 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND54.WAV
[2007/02/18 06:00:00 | 000,021,890 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND55.WAV
[2007/02/18 06:00:00 | 000,029,004 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND560.WAV
[2007/02/18 06:00:00 | 000,024,192 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND563.WAV
[2007/02/18 06:00:00 | 000,030,502 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND57.WAV
[2007/02/18 06:00:00 | 000,003,408 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND58.WAV
[2007/02/18 06:00:00 | 000,004,376 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND6.WAV
[2007/02/18 06:00:00 | 000,017,676 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND65.WAV
[2007/02/18 06:00:00 | 000,032,402 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND68.WAV
[2007/02/18 06:00:00 | 000,026,442 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND7.WAV
[2007/02/18 06:00:00 | 000,014,592 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND713.WAV
[2007/02/18 06:00:00 | 000,027,268 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND735.WAV
[2007/02/18 06:00:00 | 000,002,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND8.WAV
[2007/02/18 06:00:00 | 000,047,230 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND827.WAV
[2007/02/18 06:00:00 | 000,020,098 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND9.WAV
[2007/02/18 06:00:00 | 000,006,742 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\SOUND999.WAV
[2007/02/18 06:00:00 | 000,339,178 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\table.bmp
[2007/02/18 06:00:00 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\Pinball\wavemix.inf

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< >

< End of report >
  • 0

#5
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
OTL Extras logfile created on: 2/18/2013 PM 03:48:35 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Media\My Documets
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.98 Gb Available Physical Memory | 74.40% Memory free
5.74 Gb Paging File | 4.98 Gb Available in Paging File | 86.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 428.15 Gb Free Space | 91.93% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 418.01 Gb Free Space | 89.75% Space Free | Partition Type: NTFS
Drive F: | 5.88 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MITCH | User Name: Mitch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp[@ = hlpfile] -- C:\WINDOWS\SysWOW64\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\WINDOWS\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.url[@ = InternetShortcut] -- C:\WINDOWS\SysWOW64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.reg[@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\SysWow64\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\SysWOW64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3383764226-1312016127-1492471184-1009\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\SysWOW64\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\SysWOW64\rundll32.exe" "C:\WINDOWS\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [open] -- "C:\WINDOWS\SysWOW64\rundll32.exe" "C:\WINDOWS\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\SysWOW64\rundll32.exe" "C:\WINDOWS\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\SysWOW64\rundll32.exe" "C:\WINDOWS\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
"C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x64\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x64\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe" = C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe" = C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe" = C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe" = C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG2013\avgemca.exe" = C:\Program Files (x86)\AVG\AVG2013\avgemca.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x64\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x64\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe" = C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe" = C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe" = C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe" = C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG2013\avgemca.exe" = C:\Program Files (x86)\AVG\AVG2013\avgemca.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{272B28DC-7F63-3F8F-48AD-5651F3F00A8F}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{502275B0-3DA3-44D8-8702-066525CAAE98}" = AVG 2013
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B24B387E-57D8-A1D9-B688-6C144EFC9107}" = AMD Catalyst Install Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
"{F7855754-13F5-426B-B090-5875FAFF1B20}" = Windows Presentation Foundation x64
"AVG" = AVG 2013
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{0807E67B-DACB-1739-A87E-3046FF40BA23}" = CCC Help Chinese Traditional
"{0DF310E3-6C01-99DC-296F-1D021BA36C2D}" = CCC Help English
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{1E8E87B5-4531-CEE3-4791-6AD9E72076EC}" = CCC Help Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{27596347-C945-B113-EF47-169D471CEB05}" = CCC Help Turkish
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3666DE18-A4CC-4E1E-8165-0D78758C2209}" = CCC Help Russian
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{532669C6-3139-E755-B3B8-95F184EB27EB}" = CCC Help German
"{577F4DD2-ED68-690F-6328-8A8CAC8FCA75}" = CCC Help Polish
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{637A3EC2-4299-67B2-E0D2-C25572F4D37A}" = CCC Help Thai
"{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}" = AMD OverDrive
"{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB}" = InterVideo WinDVD 6
"{702F39B4-05FB-22F4-8426-E5FFFA330FF3}" = CCC Help Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FB391E-E800-CC82-D9BA-EF9CB8A939F3}" = CCC Help French
"{747E2E56-A68B-15C6-BB77-31BFE0C031EF}" = CCC Help Spanish
"{7A37A44B-968E-6CA3-278C-878D4D08B226}" = CCC Help Czech
"{7C0FB04E-5A40-C63D-CC1B-B6C1B60FDDA3}" = CCC Help Japanese
"{7D94796D-007E-45DE-CEAD-8E616D78E95B}" = CCC Help Dutch
"{7E7C98D1-4F44-21D4-C351-25E2367027F3}" = Catalyst Control Center
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{87A91A66-1566-714D-E1BE-1F3B040E65D5}" = CCC Help Swedish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92F63D17-2A32-7184-B8D7-905E0E1BC2A9}" = CCC Help Hungarian
"{95CEF602-B837-0C37-F5E6-49C8F3196998}" = CCC Help Greek
"{97E1A4DE-82AB-0448-0AEA-77DC1DD9A492}" = Catalyst Control Center Localization All
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DFD861E-2692-873F-BA2C-E4788648D966}" = CCC Help Italian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B50676DC-AAE9-20DF-01A5-DABCDECD6DFC}" = Catalyst Control Center Graphics Previews Common
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D9C7FB0D-B233-1B2E-E9DC-543911F6D94A}" = Catalyst Control Center InstallProxy
"{DD9F821E-7B8D-210F-A4AE-47C60870DEBE}" = CCC Help Norwegian
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E6F42010-AA5A-B862-9620-8CBD23ACDED4}" = CCC Help Portuguese
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EAAE7669-947C-26DD-563D-863B63FFC1EA}" = CCC Help Finnish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F296A4CD-54A2-1EEE-CE14-8F88A1D97083}" = CCC Help Korean
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ATT-PRT22" = ATT-PRT22
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MSNINST" = MSN
"SpeedFan" = SpeedFan (remove only)
"WhiteCap" = WhiteCap

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/1/2012 PM 12:08:08 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

Error - 12/1/2012 PM 12:44:26 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

Error - 12/1/2012 PM 12:46:10 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

Error - 12/1/2012 PM 12:49:58 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

Error - 12/1/2012 PM 12:51:11 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

Error - 12/1/2012 PM 02:46:25 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

Error - 12/1/2012 PM 02:47:53 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

Error - 12/1/2012 PM 02:49:34 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

Error - 12/1/2012 PM 02:51:26 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

Error - 12/1/2012 PM 03:00:45 | Computer Name = MITCH | Source = Windows Search Service | ID = 3083
Description =

[ System Events ]
Error - 11/14/2011 PM 03:38:40 | Computer Name = MITCH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 11/14/2011 PM 03:38:44 | Computer Name = MITCH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/14/2011 PM 03:39:00 | Computer Name = MITCH | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the AFD service which failed to
start because of the following error: %%31

Error - 11/14/2011 PM 03:39:00 | Computer Name = MITCH | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 11/14/2011 PM 03:39:00 | Computer Name = MITCH | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 11/14/2011 PM 03:39:00 | Computer Name = MITCH | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 11/14/2011 PM 03:39:00 | Computer Name = MITCH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdPPM64 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss speedfan Tcpip

Error - 11/14/2011 PM 03:45:45 | Computer Name = MITCH | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 11/14/2011 PM 03:45:45 | Computer Name = MITCH | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 11/14/2011 PM 03:46:50 | Computer Name = MITCH | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 000129A696FB has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
  • 0

#6
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
Just in case: Combofix doesn't work with my 64 bit XP. It calls it windows 2000 and states that it's not supported.
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Something funny going on:

< MD5 for: SERVICES.EXE >
[2009/03/19 18:42:16 | 000,227,840 | ---- | M] (Microsoft Corporation) MD5=5BC6B0FFA0EB95A02F63D5BCAD39127B -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe

Appears that your services.exe file is missing. I fear AVG may have removed it improperly. (Services.exe is often infected by ZeroAccess but you can't just delete it.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

If it can find another one it will replace it but I have my doubts. This is a very critical file. If it finishes without complaining then it was able to find a replacement.

We can probably fix the O10 entries by resetting winsock but I'm afraid to do that until we verify that services is OK.

Right click on the the clock and select Task Manager then Processes. They should be sorted by Image Name. (If not click on Image Name once or twice) Find services.exe Is it there?

Combofix works on Win 7/64. Have used it many times. Something else is causing it not to work. Did you remember to right click and Run As Admin? Skip it for now.
  • 0

#8
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
It's asking for the service pack 2 CD. I don't think I did it right.
  • 0

#9
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
Ok I'm in the right place now. The sfc worked, but it says that scannow is not a recognized internal or external command.

services.exe is in the task manager.

Got it to work. Again it's asking for the SP2 CD.

Edited by M2mouse, 18 February 2013 - 05:01 PM.

  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
OK. This is 2003. I missed that. Guess Combofix doesn't know that one.

Let's try Please download DDS from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr
and save it to your desktop.

* Disable any script blocking protection
* Double click dds.pif to run the tool. (Vista and Win 7 please right click and Run As Admin)
* When done, two DDS.txt's will open.
* Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

You can skip the sfc thing. Until Vista it didn't work all that well.

Start, Run, cmd, OK. This should bring up a command window. type:

cd  \
dir  /a  /s  services.exe  >  \junk.txt


This should create a file c:\junk.txt Attach it to a replay.


Copy the next line:

reg export HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Parameters E:\Media\My Documets\winsock2.txt

Start, Run, cmd, OK then right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.

This should create a file winsock2.txt in the same location as OTL E:\Media\My Documets\. Please ATTACH it (Do not copy and paste)

To reset winsock2

Start, Run, cmd, OK and tyep:

netsh  winsock  reset  catalog

Then reboot.

If it seems to work OK then you can run OTL, Quickscan and let's see if it did work.


(If it has problems getting on the Internet then rename winsock2.txt to winsock2.reg. Right click on it and Merge. This will put the winsock back the way it was. Reboot and it should let you back on.)
  • 0

Advertisements


#11
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
DDS states that it's not a supported OS. I'll work on the other things.
  • 0

#12
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
Having trouble. How do I attach? I didn't think it saved it on the right click and now I have both on a notepad.
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Go ahead and copy and paste.
  • 0

#14
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
Microsoft Windows [Version 5.2.3790]
© Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Mitch>ok
'ok' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Mitch>cd \

C:\>dir /a /s services.exe } \junk.txt
Volume in drive C has no label.
Volume Serial Number is 346E-69C5

Directory of C:\WINDOWS\$hf_mig$\KB956572\SP2QFE

03/19/2009 06:42 227,840 services.exe
1 File(s) 227,840 bytes

Directory of C:\WINDOWS\system32

03/19/2009 06:51 227,840 services.exe
1 File(s) 227,840 bytes

Directory of C:\WINDOWS\system32\dllcache

03/19/2009 06:51 227,840 services.exe
1 File(s) 227,840 bytes

Total Files Listed:
3 File(s) 683,520 bytes
0 Dir(s) 459,639,119,872 bytes free

C:\>Microsoft Windows [Version 5.2.3790]
'Microsoft' is not recognized as an internal or external command,
operable program or batch file.

C:\>© Copyright 1985-2003 Microsoft Corp.
Copyright was unexpected at this time.

C:\>
C:\>C:\Documents and Settings\Mitch>ok
'C:\Documents' is not recognized as an internal or external command,
operable program or batch file.

C:\>'ok' is not recognized as an internal or external command,
''ok'' is not recognized as an internal or external command,
operable program or batch file.

C:\>operable program or batch file.
'operable' is not recognized as an internal or external command,
operable program or batch file.

C:\>
C:\>C:\Documents and Settings\Mitch>cd \
'C:\Documents' is not recognized as an internal or external command,
operable program or batch file.

C:\>
C:\>C:\>dir /a /s services.exe } \junk.txt
'C:\' is not recognized as an internal or external command,
operable program or batch file.

C:\> Volume in drive C has no label.
'Volume' is not recognized as an internal or external command,
operable program or batch file.

C:\> Volume Serial Number is 346E-69C5
'Volume' is not recognized as an internal or external command,
operable program or batch file.

C:\>
C:\> Directory of C:\WINDOWS\$hf_mig$\KB956572\SP2QFE
'Directory' is not recognized as an internal or external command,
operable program or batch file.

C:\>
C:\>03/19/2009 06:42 227,840 services.exe
'03' is not recognized as an internal or external command,
operable program or batch file.

C:\> 1 File(s) 227,840 bytes
'1' is not recognized as an internal or external command,
operable program or batch file.

C:\>
C:\> Directory of C:\WINDOWS\system32
'Directory' is not recognized as an internal or external command,
operable program or batch file.

C:\>
C:\>03/19/2009 06:51 227,840 services.exe
'03' is not recognized as an internal or external command,
operable program or batch file.

C:\> 1 File(s) 227,840 bytes
'1' is not recognized as an internal or external command,
operable program or batch file.

C:\>
C:\> Directory of C:\WINDOWS\system32\dllcache
'Directory' is not recognized as an internal or external command,
operable program or batch file.

C:\>
C:\>03/19/2009 06:51 227,840 services.exe
'03' is not recognized as an internal or external command,
operable program or batch file.

C:\> 1 File(s) 227,840 bytes
'1' is not recognized as an internal or external command,
operable program or batch file.

C:\>
C:\> Total Files Listed:
'Total' is not recognized as an internal or external command,
operable program or batch file.

C:\> 3 File(s) 683,520 bytes
'3' is not recognized as an internal or external command,
operable program or batch file.

C:\> 0 Dir(s) 459,639,119,872 bytes free
'0' is not recognized as an internal or external command,
operable program or batch file.

C:\>
C:\>C:\>
  • 0

#15
M2mouse

M2mouse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 144 posts
Laugh at my problems. I am, boy I don't know what I was thinking.
What should I do with OTL? I got the winsock reset and did a reboot.

Edited by M2mouse, 18 February 2013 - 06:14 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP